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Conventions 


‘one Notes provide additional useful information. 





dt Cautions signify information that could prevent service interruption. 











Warnings provide information that could prevent damage to the equipment or 


W ARNING endangerment to human life. 





Service and Warranty 


For information on the service and warranty of ADTRAN products, visit the ADTRAN website at 
http://www.adtran.com/support. 


Export Statement 


An Export License is required if an ADTRAN product is sold to a Government Entity outside of the EU+8 
(Austria, Australia, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, 
Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Spain, Sweden, 
Switzerland and the United Kingdom). This requirement is per DOC/BIS ruling G030477 issued 6/6/03. 
This product also requires that the Exporter of Record file a semi-annual report with the BXA detailing the 
information per EAR 740.17(5)(e)(2). 


DOC - Department of Commerce 
BIS - Bureau of Industry and Security 
BXA - Bureau of Export Administration 
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REFERENCE GUIDE INTRODUCTION 


This manual provides information about connecting your product, using the ADTRAN Operating System’s 
(AOS) command line interface (CLI), and executing the commands available with the NetVanta Series 
units and Total Access 900 Series units. 


If you are new to the AOS CLI or new to the world of routers, please take a few moments to review the 
information provided in the sections which follow. 


If you are already familiar with ADTRAN NetVanta and Total Access 900 units and looking for 
information on a specific command or group of commands, please proceed to Command Descriptions on 
page 22 of this guide. 


AOS UNIT INTRODUCTION 


External Parts 


To connect and use your new AOS unit, first familiarize yourself with the external setup of the unit. Each 
product has a serial port on the back of the unit. The port is marked CONSOLE and connects the unit 
directly to your PC via a standard DB-9 serial cable. 


Other features vary from unit to unit, but include power connections, physical interface connections (such 
as DBU or WAN), and status LEDs along the front that indicate the status of your unit. For a more detailed 
description of your particular product, please refer to the Hardware Installation Guide on the AOS 
Documentation CD included in the shipment. 


Internal Parts 


In order to fully understand product operation and receive the full benefit of the included guides, you 
should be familiar with the unit’s internal parts, which can be divided into five main categories. 


1. ROM - Read Only Memory 


Read only memory (ROM) is a permanent form of memory stored in chips within the unit and houses 
information used by the AOS unit on initial startup. Examples of information stored in ROM are the 
Power-On Self Test which initializes upon boot up and checks the unit’s functionality; the Bootstrap 
Startup Program which actually starts the unit; and the basic form of the AOS software. 


2. Flash Memory 


Flash Memory is memory located in a memory chip that is not only erasable, but also reprogrammable, 
allowing for software upgrades without chip removal. The flash memory in your unit contains the full 
AOS and can be used to house copies of the configuration files and application images that are used at 
initial unit startup. 
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3. RAM - Random Access Memory 


RAM is the computer memory that functions as the working memory of your AOS unit. When the unit 
is on, the RAM provides memory for caching, packet buffering, holding routing tables, and housing 
the running operating system. When the unit is first powered on, RAM executes the application codes 
from flash memory and the startup configurations from NVRAM, and when the unit is powered off or 
reset, RAM loses all data. 


4. NVRAM - Nonvolatile Random Access Memory 


NVRAM is the general name for any RAM that does not lose its information at power down (for 
example, flash memory). In this case, NVRAM has a separate memory function than the flash memory 
and is used to house the unit’s startup configurations. 


5. Interfaces 


Interface is the term used to describe how your unit is connected with its outside environment. There 
are a variety of interface categories, as well as interface types. Interface categories include line 
interfaces, physical interfaces, and virtual interfaces. 


e Line interfaces describe the way you are communicating with your unit (for example, by console 
or Telnet). 


e Physical interfaces describe the way your unit is physically connected to other units or devices (for 
example, via Ethernet, T3, serial, or ADSL). 


e Virtual interfaces describe the way your unit receives information, whether by Frame Relay, PPP, 
VLAN, or ATM, to name a few. 


The user can configure a unit’s interfaces through the interface command sets (refer to Configuration 
Command Sets on page 14). 
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INTRODUCTION TO COMMAND LINE INTERFACE 


The CLI is the method used to communicate with your AOS unit. While it describes the method used to 
communicate, such as by console or Telnet, it also refers to the way information is passed to the unit. As a 
text-based user interface, the CLI prompts you to input commands line by line when you interface with the 
AOS unit (hence the name command line interface). 


Introduction to Commands 


The most important part is understanding that your commands make the AOS unit function. The right 
commands lead to a fully functioning unit, whereas improperly entered or forgotten commands keep the 
unit from functioning. To properly use commands, you must understand what function you want the AOS 
unit to complete and what syntax the unit understands as instructions. Each command has its own role 
within the operating system, and it is the responsibility of the operator to become familiar with specific 
commands and command sets. 


How Commands Function 


Commands are composed of two main parts. The most important part is the command itself, or the 
command word. Most command words are short and straightforward (for example, do, exit, or 
configure). Command words are entered immediately after the command prompt in the CLI. 


The second part of a command is its argument. An argument is a specification that modifies the command. 
In the command show flash, show is the command word and flash is the argument because it modifies the 
command show. Commands can have any number of arguments, depending upon the action required of the 
unit, and in some instances you have a choice of arguments to use. 


AOS Command System 


ADTRAN products, training tools, and manuals follow a specific system for entering and referencing 
commands. Items that are typed in bold are the required commands and arguments for a certain action. In 
the following documentation, you will see commands in bold after an example prompt. They look similar 
to this: 


>enable 

#configure terminal 
(config)#line telnet 4 
(config-telnet4)# 


In the example above, the characters >, #, (config)#, and (config-telnet4)# are the prompts after which 
commands are entered. In this example, the words in bold (enable, configure terminal, and line telnet 4) 
are the entire commands and constitute what should be typed after the prompt. It is important to pay 
attention to the prompt you are given when communicating with your unit, as some commands only work 
in certain modes, which are signified by the prompt. The different prompts and modes are discussed later 
in this guide. 


In some commands, you are given a choice of arguments. If this is the case, the manual or guide will place 
a vertical bar (|) between your choices as seen in this example: 


#show flash | cflash 
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Again, remember the # is your prompt, the command word is show, and your choices of arguments are 
flash and cflash. 


Other commands require you to enter your own information. Information within a command line that 
pertains to your personal unit is set off with the greater-than (<) and less-than symbols (>). The description 
of the information required is contained within the greater-than and less-than symbols and is typed in 
italics. For example: 


#copy <file source location> <config-file> tftp 


In this case, # is again your prompt, the command word is copy, the information needed from you is the 
source location of the file you want to copy (the first set of < >) and the configuration file type (second set 
of < >), and tftp represents the location in which to copy the file. 





‘ore For more detail on how commands are referenced, please visit http://kb.adtran.com. 





Types of Commands 


There are three types of commands in the CLI. Each type of command signifies a different function. 


Global Commands 


Global commands make changes to the functioning of the entire unit. Global commands correspond to the 
Global Configuration mode of the unit and require a password to access since they affect the entire system. 


Major Commands 


Major commands allow only parts of the product to be configured. Major commands correspond to the 
Enable mode of the unit and also require a password since they affect functioning parts of the unit, even 
though they do not affect the entire system. 


Subcommands 


Subcommands are the commands that do the actual work of configuring unit parts. Subcommands 
typically follow major commands, and in essence tell the unit to follow through with the major command’s 
direction. 
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USING THE CLI 


This portion of the Command Reference Guide introduces you to the basic concepts and strategies 
associated with using the AOS CLI. 
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Connecting the Unit 


For the initial use, the unit should be connected to a computer or a VT100 terminal. To connect the unit, 
simply connect a DB-9 straight-through male-to-female serial cable to the CONSOLE port (on the back) 
and to your PC or VT100 terminal. 


Accessing the CLI from Your PC 


All products using the AOS are initially accessed by connecting a VT100 terminal to the unit or using a 
terminal emulation program with a PC. Most Windows® PCs come with a program called Hyperterminal®, 
which is located under Programs>Accessories>Communications. The latest versions of Hyperterminal 
can also be downloaded from the Internet. 


Emulation Settings 


Once you have connected via VT100 terminal or have found the Hyperterminal program, set the program 
settings as follows: 


¢ 9600 baud 
¢ 8 data bits 
e No parity 
¢ — 1 stop bit 


¢ No flow control 


If you are using a Hyperterminal program, name your new connection and then set up the new connection 
via the resulting dialog box. The box allows you to determine the type of connection you are using. Verify 
COM 1 and select OK. 


Another dialogue box appears for entering the COM 1 properties. Enter the program settings in this box; 
select APPLY and then OK. You should then be presented with a terminal window with which to interface 
with your unit. 
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Unit Boot Up 


After configuring your PC (or VT100 terminal), plug the unit into the wall and turn on the power. The unit 
begins the boot up process, which includes the following: 


e The Power-On Self Test runs. This test checks the unit hardware for normal operation. The hardware 
includes the central processing unit (CPU), the memory, and the interfaces. 


¢ The Bootstrap Startup Program (factory set in the ROM) runs. 


¢ The Bootstrap Startup Program is read by the unit to discover the proper source for the operating 
system image. 

e The operating system image is loaded into RAM. 

e The configuration file saved in NVRAM is loaded into RAM, where it is accessed by the unit and then 
executed one line at a time. 


If no configuration file is found in NVRAM (there will not be one found on initial setup), you are 
presented with the following prompt on your terminal or Hyperterminal screen: 


Session Now Available 
Press RETURN to get started 


After pressing return, a prompt appears for communication with your unit. 


Understanding Command Modes 


As you begin communication, you should understand the command modes. Just as there are different 
levels of commands in the CLI, there are different modes for commands within AOS itself. Each command 
mode enables the user to access more commands, and make more changes in the unit’s configuration. 


The CLI has three command modes: Basic, Enable, and Global. The three command modes are organized 
in a three-tiered hierarchy with Basic at the bottom, Enable in the middle, and Global at the top. 


Basic Mode 


Interaction with your unit begins at the Basic mode. The commands supported at this command tier are 
limited, as is interaction with the unit itself. The Basic mode is to keep users without access to the higher 
tiered commands from changing the preferred configurations of the unit. The following table describes the 
Basic mode. 











Mode Access By... Mode Prompt /|Accessible Commands 
Basic Beginning an AOS session |> ¢ Display system information 
« Perform traceroute and ping 
functions 
* Open a Telnet session 




















For more information on the Basic mode, please refer to Basic Mode Command Set on page 32. 
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Enable Mode 


Enable mode is the mid-level tier in the command hierarchy, one step up from the Basic mode. ADTRAN 
suggests that a password be required to access the Enable mode. Refer to the Quick Configuration Guides 
and Quick Start Guides located on the AOS Documentation CD for more information on configuring a 
password. 


From the Enable mode, you can access the configurations of your product as well as handle how your unit 
boots and runs, among other things. The following table describes the Enable mode. 











Mode Access By.... Mode Prompt /|Accessible Commands 
Enable Entering enable while in the |# « Manage the startup and running 
Basic mode as follows: configurations 
>enable « Use the debug commands 
¢ Enter any of the configuration modes 




















For more information regarding the Enable command set, refer to the Enable Mode Command Set on page 
60. 


Global Mode 


The Global mode is the highest level tier within AOS. The Global mode allows the user to make changes 
regarding the entire product system. All of your system’s configurations are accessed through the Global 
mode. From this level you can access not only line configurations, router configurations, and interface 
configurations, but also any other configurations or parameters on your system. The following table 
describes the Global mode. 











Mode Access By... Mode Prompt /|Accessible Commands 
Global Entering config while at the |(config)# « Set the system’s Enable-level 
Enable mode as follows: password(s) 
>enable * Configure the system global IP 
# parameters 
#config * Configure the SNMP parameters 
« Enter any of the configuration modes 




















For more information on the Global mode, refer to Global Configuration Mode Command Set on page 593. 
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Understanding Configurations 


Configurations are the means by which you set up your unit and system according to your personal 
requirements and preferences. You must configure your unit to work within your network, based on your 
hardware and communication systems. 


All configurations are accessed through the Global mode. By typing in config at the Enable mode prompt, 
you will be ready to specify the configuration you want to access. 


For each configuration, enter the word or phrase that correlates with the system you are configuring. There 
are different command sets for each type of configuration. These command sets are detailed in the 
following section. 


Configuration Command Sets 


The configuration command sets are broken down into categories of similar functions. For example, all 
commands dealing with configuring the line interface are grouped together, as are configuration 
commands dealing with your hardware, commands dealing with your virtual network, and so on. The 
following sections deal with each category of command sets. For a complete list of command sets and their 
reference pages, refer to Command Descriptions on page 22. 


Line Interface Command Sets 


The line interface commands deal specifically with the way in which you communicate with your device. 
The first time you connect with your unit, you must use the CONSOLE port in the rear of the unit, but 
connections thereafter can be set up via the CONSOLE port, a terminal interface, or by Telnet. The line 
interface command sets allow you to configure each method of connection to your preferences. 


The following table gives an example of the line interface command set. For a more detailed description, 
refer to Command Descriptions on page 22. 








aoa Accessed By... Sample Prompt |With This Set You Can... 

et 

Line Interface |Specifying a line (console, |(config-con0)# * Configure the console or terminal 
Telnet, SSH) at the Global settings (data rate, login password, 
mode prompt as follows: etc.) 
>enable * Create Telnet logins and specify their 
#config parameters (login password, etc.) 
(config)#line console 0 
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Physical Interface Command Sets 


The physical interface commands of your unit deal with the medium over which your data is actually 
transmitted and the physical hardware associated with your unit. Included in the physical interfaces are 


Ethernet cables, serial interfaces, T1 cables, etc. These configurations must be set up to work with the type 
of network you have. 


The following table describes the physical interface command sets. For a more detailed description of the 
physical interface command sets, please refer to Command Descriptions on page 22. 








eae Accessed By... Sample Prompt /|With This Set You Can... 
et 
Physical Specifying an interface at |(config-adsl0/1)# |* Configure the parameters of your 
Interface the Global mode prompt as physical connections 
follows: * Configure your physical network 
>enable 
#config 








(config)#interface adsl 0/1 














Virtual Interface Command Sets 


The virtual interface is similar to the physical interface in function, except that it deals with your virtual 
network. In essence, as your physical interfaces deal with your actual physical connections, virtual 
interfaces deal with how your information is transmitted over those physical connections. Virtual 
interfaces deal with your networking through protocols, such as ATM, Frame Relay, HDLC, PPP, VLAN, 


etc. The virtual interface commands allow you to fully integrate your unit into your existing networking 
setup. 


The following table gives an example of the virtual interface command set. For more information on 
virtual interfaces, refer to Command Descriptions on page 22. 











Command _§|Accessed By... Sample Prompt |With This Set You Can... 
Set 
Virtual Specifying an interface at | (config-fr 1)# ¢ Determine the parameters of 
Interface the Global mode prompt as information flow 

follows: . 


Configure your unit's methods for 


>enable communicating with other devices 


#config 
(config)#interface 
frame-relay 1 
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Wireless Interface Command Sets 


The wireless interface is similar to both the physical and virtual interfaces in function, except that it deals 
with your wireless network. Wireless interfaces allow the configuration of wireless access points (APs), 
access point radios, and virtual access points (VAPs). 


The following table gives an example of the wireless interface command set. For more information on 
wireless interfaces, refer to Command Descriptions on page 22. 














Command Set |/Accessed By... Sample Prompt |With This Set You Can... 

Wireless Specifying a wireless (config-dot11ap * Configure your unit’s wireless 

Interface interface at the Global mode |1)# parameters (radios, APs, VAPs) 
prompt as follows: * Configure how your wireless 
>enable network will integrate with your 
#config wired network 
(config)#interface dotitap 1 














Virtual Private Network (VPN) Parameter Command Sets 


The VPN parameter command sets deal with the encryption and security on your private network. To 
allow you the utmost in security, the VPN parameter commands allow you to configure how your unit will 
behave as it communicates with other devices. VPN command sets allow you to configure internet key 
exchange (IKE) parameters, crypto parameters, and certificate parameters. 


The following table gives an example of the VPN parameter commands. For a more detailed listing of 
commands, refer to Command Descriptions on page 22. 








Command Set |Accessed By... Sample Prompt |With This Set You Can... 
VPN Parameters | Specifying which parameter you |(config-cert- ¢ Determine how your unit 
wish to set at the Global mode _ |chain)# authenticates communication 
prompt as follows: * Setthe parameters for keeping 
>enable your unit secure 
#config 
(config)#crypto ca certificate 
chain MyProfile 























60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 16 





Command Reference Guide Configuration Command Sets 





Routing Command Sets 


The routing command sets for the product serve two functions. Routing commands not only address the 
manner in which your unit routes and disseminates information, but they also provide an additional level of 
security for your network. Routing commands include parameters, such as AS path list, community list, 
and network monitoring, and they determine whether your unit routes via RIP, OSPF, or PIM sparse. 


The following table gives an example of the routing command sets. For a complete list of routing 
commands, refer to the Command Descriptions on page 22. 











Command Set |Accessed By... Sample Prompt |With This Set You Can... 
Routing Specifying which routing (config-ospf)# ¢ Determine which devices are 
parameter you wish to set at compatible with your network 
the Global mode prompt as ¢« Determine how your unit 
follows: routes traffic and information 
>enable 
#config 
(config)#router ospf 




















Voice Command Sets 


Voice command sets deal with the functioning of voice data within your network. The commands allow 
you to configure how your unit handles analog information through voicemail, voice groups, voice trunks, 
and more. 


The following table gives a small example of the voice command sets. For a more detailed description, 
refer to Command Descriptions on page 22. 











Command Set |Accessed By... Sample Prompt With This Set You Can... 
Voice Specifying the voice technology |(config-1234)# ¢ Set parameters for voice 
you would like to configure at integration into the network 
the Global mode prompt as ¢« Determine how your network 
follows: handles analog data 
>enable 
#config 
(config)#ring-group 1234 























60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 17 


Command Reference Guide Configuration Command Sets 





Security and Services Command Seis 


The security and services command sets provide methods for you to configure additional security for your 
unit, as well as determine the types of services you want your unit to perform. Included in these command 
sets are quality of services (QoS) maps, DHCP pools, and route map configurations. 


The following table includes an example of the security and services commands. For a more detailed 
listing of the command sets, refer to Command Descriptions on page 22. 











oe Accessed By... Sample Prompt |With This Set You Can... 
et 
Security and |Specifying the service you |(config-sg-radius)# |* Map the quality of a variety of 
Services would like to perform at the services 
Global mode prompt as * Set the parameters for the DHCP 
follows: * Configure the unit’s route map 
>enable 
#config 


(config)#aaa group server 
radius myServer 
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Using CLI Shortcuts 


The AOS CLI provides several shortcuts to help you configure your AOS product more easily. See the 
following table for descriptions. 





Shortcut 


Description 








Up arrow key 


To redisplay a previously entered command, use the up arrow key. Continuing to 
press the up arrow key cycles through all commands entered, starting with the most 
recent command. 





<Tab> key 


Pressing the <Tab> key after entering a partial (but unique) command will complete 
the command, display it on the command prompt line, and wait for further input. 





The AOS CLI contains help to guide you through the configuration process. Using the 
question mark, do any of the following: 
Display a list of all subcommands in the current mode. For example: 


(config-t1 1/1)#coding ? 
ami - Alternate Mark Inversion 
b8zs - Bipolar Eight Zero Substitution 


Display a list of available commands beginning with certain letter(s). For example: 


(config)#ip d? 
default-gateway dhcp-server domain-lookup domain-name domain-proxy 


Obtain syntax help for a specific command by entering the command, a space, and 
then a question mark (?). The AOS CLI displays the range of values and a brief 
description of the next parameter expected for that particular command. For example: 


(config-eth 0/1)#mtu ? 
<64-1500> - MTU (bytes) 





<Ctrl + A> 


Jump to the beginning of the displayed command line. This shortcut is helpful when 
using the no form of commands (when available). For example, pressing <Ctrl + A> 
at the following prompt will place the cursor directly after the #: 

(config-eth 0/1)#ip address 192.33.55.6 





<Ctrl + E> 


Jump to the end of the displayed command line. For example, pressing <Ctrl + E> at 
the following prompt will place the cursor directly after the 6: 


(config-eth 0/1)#ip address 192.33.55.6 





<Ctrl + U> 


Clears the current displayed command line. The following provides an example of the 
<Ctrl + U> feature: 


(config-eth 0/1)#ip address 192.33.55.6 (Press <Cirl + U> here) 
(config-eth 0/1)# 





auto finish 








You need only enter enough letters to identify a command as unique. For example, 
entering int t1 1/1 at the Global configuration prompt provides you access to the 
configuration parameters for the specified T1 interface. Entering interface t1 1/1 
would work as well, but is not necessary. 
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Performing Common CLI Functions 


The following table contains descriptions of common CLI commands. 





Command Description 








do The do command provides a way to execute commands in other command 
sets without taking the time to exit the current command set. The following 
example shows the do command used to view the Frame Relay interface 
configuration while in the T1 interface command set: 


(config)#interface t1 1/1 
(config-t1 1/1)#do show interfaces fr 7 











no shutdown To activate an interface, enter no shutdown followed by the interface. 
For example: 
no shutdown t1 1/1 

no To undo an issued command or to disable a feature, enter no before the 
command. 


no debug voice 


copy running-config When you are ready to save the changes made to the configuration, enter this 
startup-config command. This copies your changes to the unit’s nonvolatile random access 
memory (NVRAM). Once the save is complete, the changes are retained even 
if the unit is shut down or suffers a power outage. 


show running config Displays the current configuration. 


debug Use the debug command to troubleshoot problems you may be experiencing 
on your network. These commands provide additional information to help you 
better interpret possible problems. For information on specific debug 
commands, refer to the debug section beginning on page 159. 


undebug all To turn off any active debug commands, enter this command. 








The overhead associated with the debug command takes up a large portion of your AOS 
product’s resources, and at times can halt other processes. It is best to use the debug 

UT command only during times when the network resources are in low demand (nonpeak 
hours, weekends, etc.). 
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Understanding CLI Error Messages 


The following table lists and defines some of the more common error messages given in the CLI. 





Message 


Helpful Hints 








%Ambiguous command 
%Unrecognized command 


The command may not be valid in the current command mode, or you 
may not have entered enough correct characters for the command to be 
recognized. Try using the ? command to determine your error. Refer to 
Using CLI Shortcuts on page 19 for more information. 





%lnvalid or incomplete 
command 


The command may not be valid in the current command mode, or you 
may not have entered all of the pertinent information required to make 
the command valid. Try using the ? command to determine your error. 
Refer to Using CLI Shortcuts on page 19 for more information. 





%Invalid input detected at 
“A” marker 





The error in command entry is located where the caret (*) mark appears. 
Enter a question mark at the prompt. The system displays a list of 
applicable commands or gives syntax information for the entry. 
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COMMAND DESCRIPTIONS 


This portion of the guide provides a detailed listing of all available commands for the AOS CLI (organized 
by command set). Each command listing contains pertinent information, including the default value, a 
description of all subcommand parameters, functional notes for using the command, and a brief technology 
review. To search for a particular command alphabetically, use the Index at the end of this document. To 
search for information on a group of commands within a particular command set, use the linked references 
given below: 


Basic Mode Command Set on page 32 
Common Commands on page 43 
Enable Mode Command Set on page 60 
Global Configuration Mode Command Set on page 593 
Line Interface Command Sets 
Line (Console) Interface Config Command Set on page 1006 
Line (SSH) Interface Config Command Set on page 1022 
Line (Telnet) Interface Config Command Set on page 1034 
Physical Interface Command Sets 
ADSL Interface Configuration Command Set on page 1048 
BRI Interface Configuration Command Set on page 1052 
Cellular Interface Configuration Command Set on page 1062 
DDS Interface Configuration Command Set on page 1067 
DSX-1 Interface Configuration Command Set on page 1075 
E]1 Interface Configuration Command Set on page 1085 
Ethernet Interface Configuration Command Set on page 1101 
FDL Interface Configuration Command Set on page 1208 
FXO Interface Configuration Command Set on page 1214 
FXS Interface Configuration Command Set on page 1223 
G.703 Interface Configuration Command Set on page 1235 
HSSI Interface Configuration Command Set on page 1242 
Modem Interface Configuration Command Set on page 1246 
PRI Interface Configuration Command Set on page 1251 
Serial Interface Configuration Command Set on page 1258 
SHDSL Interface Configuration Command Set on page 1267 
TI Interface Configuration Command Set on page 1281 
T3 Interface Configuration Command Set on page 1298 
Virtual Interface Command Sets 
ATM Interface Config Command Set on page 1309 
ATM Subinterface Config Command Set on page 1313 
BVI Interface Config Command Set on page 1398 
Demand Interface Configuration Command Set on page 1434 
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Frame Relay Interface Config Command Set on page 1507 
Frame Relay Subinterface Config Command Set on page 1529 
HDLC Interface Configuration Command Set on page 1610 
Loopback Interface Configuration Command Set on page 1682 
Port Channel Interface Config Command Set on page 1725 
PPP Interface Configuration Command Set on page 1749 
Tunnel Configuration Command Set on page 1840 
VLAN Configuration Command Set on page 1912 
VLAN Database Configuration Command Set on page 1917 
VLAN Interface Configuration Command Set on page 1926 
Wireless Interface Command Sets 
AP Interface Configuration Command Set on page 1987 
Radio Interface Configuration Command Set on page 2004 
VAP Interface Configuration Command Set on page 2028 
VPN Parameter Command Sets 
CA Profile Configuration Command Set on page 2045 
Certificate Configuration Command Set on page 2056 
Crypto Map IKE Command Set on page 2060 
Crypto Map Manual Command Set on page 2077 
IKE Client Command Set on page 2088 
IKE Policy Attributes Command Set on page 2092 
IKE Policy Command Set on page 2098 
Routing Command Sets 
AS Path List Configuration Command Set on page 2112 
BGP Configuration Command Set on page 2115 
BGP Neighbor Configuration Command Set on page 2130 
Community List Configuration Command Set on page 2147 
Network Monitor Probe Configuration Command Set on page 2150 
Network Monitor Probe Responder Configuration Command Set on page 2177 
Network Monitor Track Configuration Command Set on page 2185 
Router (OSPF) Configuration Command Set on page 2200 
Router (PIM Sparse) Configuration Command Set on page 2220 
Router (RIP) Configuration Command Set on page 2224 
Voice Command Sets 
ISDN Group Configuration Command Set on page 2240 
Voice Auto Attendant Configuration Command Set on page 2249 
Voice CODEC List Configuration Command Set on page 2252 
Voice CoS Command Set on page 2256 
Voice Line Configuration Command Set on page 2292 
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Voice Mail CoS Command Set on page 2314 

Voice Operator Group Command Set on page 2322 

Voice Ring Group Command Set on page 2337 

Voice Trunk Analog Command Set on page 2355 

Voice Trunk Group Command Set on page 2388 

Voice Trunk ISDN Command Set on page 2395 

Voice Trunk SIP Command Set on page 2420 

Voice Trunk TI Command Set on page 2448 

Voice User Configuration Command Set on page 2487 
Security and Services Command Seis 

DHCP Pool Command Set on page 2543 

Mail Agent Configuration Command Set on page 2562 

Quality of Service Map Command Set on page 2573 

Radius Group Command Set on page 2597 

Route Map Configuration Command Set on page 2599 

TACACS+ Group Configuration Command Set on page 2628 

Top Traffic Configuration Command Set on page 2630 
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COMMAND SET ACCESS PATH QUICK REFERENCE GUIDE 


Physical Interface Command Set Access Paths 






























































Command Set Sample Access Path For Full Command 
List, See... 

ADSL (config)#interface adsl 0/1 page 1048 
(config-adsl 0/1)# 

BRI (config)#interface bri 1/2 page 1052 
(config-bri 1/2)# 

Cellular (config)#interface cellular 1/1 page 1062 
(config-cellular 1/1)# 

DDS (config)#interface dds 1/1 page 1067 
(config-dds 1/1)# 

DSX-1 (config)#interface t1 1/2 page 1075 
(config-t1 1/2)# 

E1 (config)#interface e1 1/1 page 1085 
(config-e1 1/1)# 

Ethernet (config)#interface ethernet 0/1 page 1101 
(config-eth 0/1)# 

Ethernet Subinterface (config)#interface ethernet 0/1.1 page 1101 
(config-eth 0/1.1)# 

Gigabit Ethernet (config)#interface gigabit-ethernet 0/3 page 1101 
(config-giga-eth 0/3)# 

Range of Ethernet (config)#interface range ethernet 0/1, 0/8 page 1102 

Interfaces (config-eth 0/1, 0/8)# 

(in this example, eth 0/1 

through eth 0/8) 

FDL (config)#interface fdl 1/1 page 1208 
(config-fdl 1/1)# 

FXO (config)#interface fxo 0/1 page 1214 
(config-fxo 0/1)# 

FXS (config)#interface fxs 2/1 page 1223 
(config-fxs 2/1)# 

G.703 (config)#interface e1 1/2 page 1235 
(config-e1 1/2)# 

HSSI (config)#interface hssi 1/1 page 1242 
(config-hssi 1/1)# 

Modem (config)#interface modem 1/2 page 1246 
(config-modem 1/2)# 

PRI (config)#interface pri 2 page 1251 
(config-pri 2)# 

Serial (config)#interface serial 1/1 page 1258 
(config-ser 1/1)# 
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Command Set 


Sample Access Path 


For Full Command 
List, See... 














SHDSL (config)#interface shdsl 1/1 page 1267 
(config-shdsl 1/1)# 

T1 (config)#interface t1 1/1 page 1281 
(config-t1 1/1)# 

T3 (config)#interface t3 1/1 page 1298 
( 








config-t3 |/1)# 











Virtual Interface Command Set Access Paths 





Command Set 


Sample Access Path 


For Full Command 
List, See... 















































ATM (config)#interface atm 1 page 1309 
(config-atm 1)# 

ATM Subinterface (config)#interface atm 1.1 page 1313 
(config-atm 1.1)# 

Demand (config)#interface demand 1 page 1434 
(config-demand 1)# 

Frame Relay (config)#interface frame-relay 1 page 1507 
(config-fr 1)# 

Frame Relay Subinterface | (config)#interface frame-relay 1.16 page 1529 
(config-fr 1.16)# 

HDLC (config)#interface hdlc 1 page 1610 
(config-hdlc 1)# 

Loopback (config)#interface loopback 1 page 1682 
(config-loop 1)# 

Port Channel (config)#interface port-channel 1 page 1725 
(config-p-chan 1)# 

PPP (config)#interface ppp 1 page 1749 
(config-ppp 1)# 

Tunnel (config)#interface tunnel 1 page 1840 
(config-tunnel 1)# 

VLAN (config)#interface vian 1 page 1912 
(config-vlan 1)# 

VLAN Configuration (config)#vlan 1 page 1912 
(config-vlan 1)# 

VLAN Database #vlan database page 1917 
(vlan)# 

VLAN Interface (config)#interface vian 1 page 1926 
( 





config-vlan 1)# 
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Wireless Interface Command Set Access Paths 


























Command Set Sample Access Path For Full Command 
List, See... 

Access Point (config)#interface dot11ap 1 page 1987 
(config-doti1ap 1)# 

Radio (config)#interface dot11ap 1/1 radio-type page 2004 
802.11bg 
(config-dot11ap 1/1-bg)# 

Virtual Access Point (config)#interface dot11ap 1/1.1 page 2028 
(config-dot11 ap 1/1.1-bg)# 





VPN Parameter Command Set Access Paths 








Command Set Sample Access Path For Full Command 
List, See... 
CA Profile config)#crypto ca profile MyProfile page 2045 


ca-profile)# 





Certificates config)#crypto ca certificate chain MyProfile page 2056 


( 
( 
( 
(config-cert-chain)# 
( 
( 
( 





Crypto Map IKE config)#crypto map Map-Name 10 ipsec-ike page 2060 


config-crypto-map)# 





Crypto Map Manual config)#crypto map Map-Name 10 page 2077 
ipsec-manual 

(config-crypto-map)# 
IKE Client (config)#crypto ike client configuration pool page 2088 
ConfigPool1 


(config-ike-client-pool)# 








IKE Policy config)#crypto ike policy 1 page 2098 


config-ike)# 





config-ike)#attribute 10 


( 

( 

IKE Policy Attributes (config)#crypto ike policy 1 page 2092 
( 

(config-ike-attribute)# 
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Routing Protocol Command Set Access Paths 





Command Set 


Sample Access Path 


For Full Command 
List, See... 






































config-rip)# 





AS Path List (config)#ip as-class-list listname page 2112 
(config-as-path-list)# 

BGP Configuration (config)#router bgp 1 page 2115 
(config-bgp)# 

BGP Neighbor (config-bgp)#router bgp-neighbor page 2130 
192.22.73.101 
(config-bgp-neighbor)# 

Community List (config)#ip community-list listname page 2147 
(config-comm-list)# 

Network Monitor Probe (config)#probe probe1 icmp-echo page 2150 
(config-probe-probe1 )# 

Network Monitor Probe (config)#probe responder twamp page 2177 

Responder (config-responder-twamp)# 

Network Monitor Track (config)#track track1 page 2185 
(config-track-track1)# 

OSPF (config)#router ospf page 2200 
(config-ospf)# 

PIM Sparse (config)#router pim-sparse page 2220 
(config-pim-sparse)# 

RIP (config)#router rip page 2224 
( 
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Voice Command Set Access Paths 





Command Set 


Sample Access Path 


For Full Command 
List, See... 





















































CODEC List (config)#voice codec-list trunk page 2252 
(config-codec)# 

ISDN Group (config)#isdn-group 1 page 2240 
(config-isdn-group 1)# 

Voice Auto Attendant (config)#voice autoattendant Example 1212 page 2249 
(config-aal212)# 

Voice CoS (config)#voice class-of-service set1 page 2256 
(config-cos-set1 )# 

Voice Line (config)#voice line sales page 2292 
(config-sales)# 

Voice Mail CoS (config)#voice mail class-of-service class1 page 2314 
(config-vm-class1 )# 

Voice Operator Group (config)#voice operator-group page 2322 
(config-operator-group)# 

Voice Ring Group (config)#voice ring-group 6786 page 2337 
(config-6786)# 

Voice Trunk Analog DPT (config)#voice trunk t01 type analog page 2355 
supervision dpt 
(config-t01)# 

Voice Trunk Analog (config)#voice trunk t01 type analog page 2355 

Ground Start (GS) supervision ground-start 
(config-t01)# 

Voice Trunk Analog Loop __| (config)#voice trunk t01 type analog page 2355 

Start (LS) supervision loop-start 
(config-t01)# 

Voice Trunk Group (config)#voice grouped-trunk TestGroup page 2388 
(config-TestGroup)# 

Voice Trunk ISDN (config)#voice trunk t01 type isdn page 2395 
(config-t01)# 

Voice Trunk T1 Feature (config)#voice trunk t01 type t1-rbs page 2448 

Group D supervision fgd role user 
(config-t01)# 

Voice Trunk T1 Ground (config)#voice trunk t01 type t1-rbs page 2448 

Start (GS) supervision ground-start role user 
(config-t01)# 

Voice Trunk T1 Immediate | (config)#voice trunk t01 type t1-rbs page 2448 

Interface supervision immediate role [network | user] 
(config-t01)# 

Voice Trunk T1 Interface (config)#voice trunk t01 page 2448 





(config-t01)# 
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Command Set Sample Access Path For Full Command 
List, See... 
Voice Trunk T1 Loop Start | (config)#voice trunk t01 type t1-rbs page 2448 
(LS) supervision loop-start role user 
(config-t01)# 
Voice Trunk T1 Tie Trunk (config)#voice trunk t01 type t1-rbs page 2448 
Feature Group D supervision tie-fgd 
(config-t01)# 
Voice Trunk T1 Wink Role | (config)#voice trunk t01 type t1-rbs page 2448 


supervision wink role [network | user] 
(config-t01)# 








Voice Trunk SIP (config)#voice trunk t01 type sip page 2420 
(config-t01)# 

Voice User (config)#voice user 4444 page 2487 
( 


config-4444)# 

















Security and Services Command Set Access Paths 


























Command Set Sample Access Path For Full Command 
List, See... 

DHCP (config)#ip dhcp-server pool MyPool page 2543 
(config-dhcp)# 

Mail Agent (config)#mail-client MyAgent page 2562 
(config-mail-client-MyAgent)# 

QoS Map (config)#qos map VOICEMAP 10 page 2573 
(config-qos-map)# 

Radius Group (config)#aaa group server radius MyServer page 2597 
(config-sg-radius)# 

Route Map (config)#route-map MyMap permit 100 page 2599 
(config-route-map)# 

TACACS+ Group (config)#aaa group server tacacs+ TEST page 2628 
GROUP 
(config-sg-tacacs+)# 

Top Traffic (config)#ip flow top-talkers page 2630 











(config-top-talkers)# 
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SYSTEM COMMAND SETS 


This section includes the following command sets: 


¢ Basic Mode Command Set on page 32 

* Common Commands on page 43 

¢ Enable Mode Command Set on page 60 

¢ Global Configuration Mode Command Set on page 593 
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BASIC MODE COMMAND SET 





To activate the Basic mode, simply log in to the unit. After connecting the unit to a VT100 terminal (or 
terminal emulator) and activating a terminal session, the following prompt displays: 


> 


The following command is common to multiple command sets and is covered in a centralized section of 
this guide. For more information, refer to the section listed below: 


exit on page 51 
All other commands for this command set are described in this section in alphabetical order. 


enable on page 33 

logout on page 34 

ping on page 35 

show clock on page 37 

show snmp on page 38 

show version on page 39 

telnet <ip address> on page 40 
traceroute <ip address> on page 42 
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enable 
Use the enable command (at the Basic Command mode prompt) to enter the Enable Command mode. Use 


the disable command to exit the Enable Command mode. Refer to show access-lists on page 284 for more 
information. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The Enable Command mode provides access to operating and configuration parameters and should be 
password protected to prevent unauthorized use. Use the enable password command (found in the 
Global Configuration mode) to specify an Enable Command mode password. If the password is set, 
access to the Enable Commands (and all other “privileged” commands) is only granted when the correct 
password is entered. Refer to enable password <password> on page 667 for more information. 


Usage Examples 





The following example enters the Enable Command mode and defines an Enable Command mode 
password: 


>enable 
#configure terminal 
(config)#enable password ADTRAN 


At the next login, the following sequence must occur: 


>enable 
Password: ****** 
# 
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logout 


Use the logout command to terminate the current session and return to the login screen. 


Syntax Description 





No subcommanas. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example shows the logout command being executed in the Basic mode: 


>logout 
Session now available 


Press RETURN to get started. 
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ping 


Use the ping command (at the Basic Command mode prompt) to verify Internet Protocol (IP) network 
connectivity. Variations of this command include: 


ping 

ping <ip address | hostname> 

ping <ip address | hostname> data <string> 

ping <ip address | hostname> repeat <number> 

ping <ip address | hostname> size <value> 

ping </p address | hostname> source <ip address> 

ping <ip address | hostname> timeout <value> 

ping vrf <name> <ip address | hostname> 

ping vrf <name> <ip address | hostname> data <string> 
ping vrf <name> <ip address | hostname> repeat <number> 
ping vrf <name> <ip address | hostname> size <value> 
ping vrf <name> <ip address | hostname> source <ip address> 
ping vrf <name> <ip address | hostname> timeout <value> 


Syntax Description 





<ip address | hostname> Optional. Specifies the IP address or host name of the system to ping. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Entering the ping command with no specified IP address prompts the user 
with parameters for a more detailed ping configuration. Refer to Functional 
Notes (below) for more information. 


data <string> Specifies an alpohanumerical string to use (the ASCII equivalent) as the data 
pattern in the ECHO_REQ packets. 

repeat <number> Specifies the number of ping packets to send to the system. Valid range is 
1 to 1,000,000. 

size <value> Specifies the datagram size (in bytes) of the ping packet. Valid range is 1 to 
1448 bytes. 

source <ip address> Specifies the IP address to use as the source address in the ECHO_REQ 


(or interface) packets. The source IP address must be a valid address local 
to the router on the specified VRF. 


timeout <value> Specifies the timeout period after which the ping is considered 
unsuccessful. Valid range is 1 to 5 seconds. 


vrf <name> Optional. Specifies the VRF where the ip address exists. 


Default Values 





No default value necessary for this command. 
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Command History 





Release 1.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





The ping command helps diagnose basic IP network connectivity using the Packet Internet Groper 
program to repeatedly bounce Internet Control Message Protocol (ICMP) Echo_Request packets off a 
system (using a specified IP address). AOS allows executing a standard ping request to a specified IP 
address, or provides a set of prompts to configure a more specific ping configuration. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following is an example of a successful ping command: 


>ping 

VRF Name [-default-]: 

Target IP address:10.10.10.1 

Repeat count[1-1000000]:5 

Datagram Size [1-1000000]:100 

Timeout in seconds [1-5]:2 

Extended Commands? [y or n]:n 

Type CTRL+C to abort. 

Legend: '!' = Success '?' = Unknown host '$' = Invalid host address 
™ = Request timed out '-' = Destination host unreachable 
‘x' = TTL expired in transit 


Pinging 192.168.0.30 with 100 bytes of data: 


Success rate is 100 percent (5/5) round-trip min/avg/max = 19/20.8/25 ms 
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show clock 


Use the show clock command to display the system time and date entered using the clock set command. 
Refer to the section clock set <time> <day> <month> <year> on page 128 for more information. 


Syntax Description 


No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example displays the current time and data from the system clock: 


>show clock 
23:35:07 UTC Tue Aug 20 2002 
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show snmp 


Use the show snmp command to display the system Simple Network Management Protocol (SNMP) 
parameters and current status of SNMP communications. 


Syntax Description 


No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following is an example output using the show snmp command for a system with SNMP disabled and 
the default chassis and contact parameters: 


>show snmp 
Chassis: Chassis ID 
Contact: Customer Service 
0 Rx SNMP packets 

0 Bad community names 

0 Bad community uses 

0 Bad versions 

0 Silent drops 

0 Proxy drops 

0 ASN parse errors 
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show version 


Use the show version command to display the current AOS version information. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following is a sample show version output: 


>show version 


AOS version 06.01.00 

Checksum: 1F0D5243 built on Fri Nov 08 13:12:06 2002 
Upgrade key: de76efcfeb4c8eeb6901188475dd0917 
Boot ROM version 03.00.18 

Checksum: 7A3D built on: Fri Nov 08 13:12:25 2002 
Copyright (c) 1999-2002 ADTRAN Inc. 

Serial number C14C6308 


UNIT_2 uptime is 0 days 4 hours 59 minutes 43 seconds 
System returned to ROM by Warm Start 


Current system image file is "03001 8adv.biz" 
Boot system image file is “03001 8adv.biz” 
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telnet </po address> 


Use the telnet command to open a Telnet session (through AOS) to another system on the network. 
Variations of this command include the following: 


telnet </p address | hostname> 

telnet <ip address | hostname> port <tcp port> 

telnet vrf <name> <ip address | hostname> 

telnet vrf <name> <ip address | hostname> port <tcp port> 


Syntax Description 





<ijp address | hostname> Specifies the IP address or host name of the remote system. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 

port <tcp port> Optional. Specifies the TCP port number to be used when connecting to a 
host through Telnet. Range is 1 to 65,535. 

vrf <name> Optional. Specifies the VRF where the IP address or host name exists. 


Default Values 


No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 14.1 Command was expanded to specify port number. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example opens a Telnet session with a remote system (10.200.4.15): 


>enable 

#telnet 10.200.4.15 
User Access Login: 
Password: 
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The following example opens a Telnet session with a remote system (10.200.4.15) on port 8010: 


>enable 

#telnet 10.200.4.15 port 8010 
User Access Login: 

Password: 
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traceroute </p address> 


Use the traceroute command to display the IP routes a packet takes to reach the specified destination. 
Variations of this command include: 


traceroute 

traceroute <ip address | hostname> 

traceroute <ip address | hostname> source <ip address> 

traceroute vrf <name> <ip address | hostname> 

traceroute vrf <name> <ip address | hosthame> source <ip address> 


Syntax Description 
<ip address | hostname> Optional. Specifies the IP address or host name of the remote system’s 
route to trace. 


source <ip address> Optional. Specifies the IP address of the interface to use as the source of 
the trace. IP addresses should be expressed in dotted decimal notation (for 
example, 10.10.10.1). 


vrf <name> Optional. Specifies the VRF where the route exists. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following is a sample traceroute output: 


>enable 
#traceroute 192.168.0.1 


Type CTRL+C to abort. 

Tracing route to 192.168.0.1 over a maximum of 30 hops 
1 22ms 20ms 20ms_~ 192.168.0.65 
2 23ms 20ms 20ms_~ 192.168.0.1 

# 
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COMMON COMMANDS 





The following section contains descriptions of commands that are common across multiple command sets. 
These commands are listed in alphabetical order. 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
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alias “<text>” 


Use the alias command to populate the ifAlias OID (Interface Table MIB of RFC2863) for all physical and 
virtual interfaces when using Simple Network Management Protocol (SNMP) management stations. Use 
the no form of this command to remove an alias. 


Syntax Description 





“<text>” Describes the interface (for SNMP) using an alphanumeric character string 
enclosed in quotation marks (limited to 64 characters). 


Default Values 





No defaults required for this command. 


Applicable Command Modes 





Applies to all interface mode command sets. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The ifAlias OID is a member of the ifXEntry object-type (defined in RFC2863) used to provide a 
nonvolatile, unique name for various interfaces. This name is preserved through power cycles. Enter a 
string (using the alias command) which clearly identifies the interface. 


Usage Examples 





The following example defines a unique character string for the T1 interface: 


(config)#interface t1 1/1 
(config-t1 1/1)#alias “CIRCUIT_ID_23-908-8887-401” 


Technology Review 





Please refer to RFC2863 for more detailed information on the ifAlias display string. 
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cross-connect 


Use the cross-connect command to create a cross-connect map from a created TDM group on an interface 
to a virtual interface. Variations of this command include: 


cross-connect <number> <from interface> <to interface> 
cross-connect <number> <from interface> <group number> <to interface> 





Changing cross-connect settings could potentially result in service interruption. 
UT ging 8 P y p 





Syntax Description 





<number> Identifies the cross-connect using a number descriptor. Valid range is 1 to 
1024. 
<from interface> Specifies the interface (physical or virtual) on one end of the cross-connect. 


Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; and for an ATM subinterface, use atm 1.1. Enter cross-connect 
1 ? for a list of valid interfaces. 


<group number> Optional. Specifies which configured TDM group to use for this 
cross-connect. This subcommand only applies to T1 physical interfaces. 


<to interface> Specifies the virtual interface on the other end of the cross-connect. Specify 
an interface in the format <interface type [slot/port | slot/port.subinterface id 
| interface id | interface id.subinterface id]>. For example, for a T1 interface, 
use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a PPP interface, 
use ppp 1; and for an ATM subinterface, use atm 1.1. Use the ? to display 
a list of valid interfaces. 


Default Values 





By default, there are no configured cross-connects. 


Applicable Command Modes 





Applies to all interface mode command sets. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the E1 interface. 
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Functional Notes 





Cross-connects provide the mechanism for connecting a configured virtual (Layer 2) endpoint with a 
physical (Layer 1) interface. Supported Layer 2 protocols include Frame Relay and Point-to-Point Protocol 
(PPP). 


Usage Examples 





The following example creates a Frame Relay endpoint and connects it to the T1 1/1 physical interface: 
1. Create the Frame Relay virtual endpoint and set the signaling method: 

(config)#interface frame-relay 1 

(config-fr 1)#frame-relay Imi-type cisco 

2. Create the subinterface and configure the PVC parameters, including the data-link control identifier 


(DLCI) and IP address: 


(config-fr 1)#interface fr 1.1 
(config-fr 1.1)#frame-relay interface-dlci 17 
(config-fr 1.1)#ip address 168.125.33.252 255.255.255.252 


3. Create the TDM group of 12 DSOs (64K) on the T1 physical interface: 


THIS STEP IS ONLY VALID FOR T1 INTERFACES.) 


config)#interface t1 1/1 
config-t1 1/1)#tdm-group 1 timeslots 1-12 speed 64 
config-t1 1/1)#exit 


aon — 


4. Connect the Frame Relay subinterface with port T1 1/1: 


(config)#cross-connect 1 t1 1/11 fr 1 


Technology Review 





Creating an endpoint that uses a Layer 2 protocol (such as Frame Relay) is generally a four-step process: 


Step 1: 

Create the Frame Relay virtual endpoint (using the interface frame-relay commana) and set the signaling 
method (using the frame-relay Imi-type command). Also included in the Frame Relay virtual endpoint are 
all the applicable Frame Relay timers logging thresholds, encapsulation types, etc. Generally, most Frame 
Relay virtual interface parameters should be left at their default state. For example, the following creates a 
Frame Relay interface labeled 7 and sets the signaling method to ansi. 


(config)#interface frame-relay 7 
(config-fr 7)#frame-relay Imi-type ansi 
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Step 2: 

Create the subinterface and configure the PVC parameters. Using the subinterface, apply access policies 
to the interface, create bridging interfaces, configure dial-backup, assign an IP address, and set the PVC 
DLCI. For example, the following creates a Frame Relay subinterface labeled 22, sets the DLCI to 30, and 
assigns an IP address of 193.44.69.253 to the interface. 


(config-fr 7)#interface fr 7.22 
(config-fr 7.22)#frame-relay interface-dlci 30 
(config-fr 7.22)#ip address 193.44.69.253 255.255.255.252 


Step 3: (VALID ONLY FOR T1 INTERFACES) 

Specify the group of DSOs used for signaling on the T1 interface by creating a TDM group. Group any 
number of contiguous DSOs together to create a data pipe for Layer 2 signaling. Also use the tdm-group 
command to specify the per-DSO signaling rate on the interface. For example, the following creates a TDM 
group labeled 9 containing 20 DSOs (each DSO having a data rate of 56 kbps). 


(config)#interface t1 1/1 
(config-t1 1/1)#tdm-group 9 timeslots 1-20 speed 56 
(config-t1 1/1 )#exit 


Step 4: 

Make the association between the Layer 2 endpoint and the physical interface using the cross-connect 
command. Supported Layer 2 protocols include Frame Relay and PPP. For example, the following creates 
a cross-connect (labeled 5) to make an association between the Frame Relay virtual interface (fr 7) and 
the TDM group configured on interface t1 1/1 (tdm-group 9). 


(config)#cross-connect 5 t1 1/1 9 fr 7 
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description <text> 


Use the description command to identify the specified interface (for example, circuit ID, contact 
information, etc.). Use the no form of this command to remove a description. 


Syntax Description 


<text> Identifies the specified interface using up to 80 alphanumeric characters. 


Default Values 





No defaults required for this command. 


Applicable Command Modes 





Applies to all interface mode command sets. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enters comment information using the description command: 


(config)#interface t1 1/1 
(config-t1 1/1)#description This is the Dallas office T1 
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do 
Use the do command to execute any AOS command, regardless of the active configuration mode. It 


provides a way to execute commands in other modes without taking the time to exit the current mode and 
enter the desired one. 


Syntax Description 





No subcommanas. 


Default Values 





No defaults required for this command. 


Applicable Command Modes 





Applies to all mode command sets. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





Use the do command to view configurations or interface states after configuration changes are made 
without exiting to the Enable mode. 


Usage Examples 





The following example shows the do command used to view the Frame Relay interface configuration while 
currently in the T1 Interface Configuration mode: 


(config)#interface t1 1/1 
(config-t1 1/1)#do show interfaces fr 7 
fr 7 is ACTIVE 
Signaling type is ANSI signaling role is USER 
Polling interval is 10 seconds full inquiry interval is 6 polling intervals 
Output queue: 0/0 (highest/drops) 
0 packets input 0 bytes 
0 pkts discarded 0 error pkts 0 unknown protocol pkts 
0 packets output 0 bytes 
O tx pkts discarded 0 tx error pkts 
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end 


Use the end command to exit the current configuration mode and enter the Enable Security mode. 





Wo When exiting the Global Configuration mode, remember to perform a copy 


running-config startup-config to save all configuration changes. 





Syntax Description 





No subcommanas. 


Default Values 





No defaults necessary for this command. 


Applicable Command Modes 





Applies to all mode command sets except Basic mode. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example shows the end command being executed in the T1 Interface Configuration mode: 


(config-t1 1/1)#end 
# 


#- Enable Security mode command prompt 
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exit 


Use the exit command to exit the current configuration mode and enter the previous one. For example, 
using the exit command in an interface configuration mode will activate the Global Configuration mode. 
When using the exit command in the Basic mode, the current session will be terminated. 





Wor When exiting the Global Configuration mode, remember to perform a copy 


running-config startup-config to save all configuration changes. 





Syntax Description 





No subcommanas. 


Default Values 


No defaults necessary for this command. 


Applicable Command Modes 





Applies to all mode command sets. 


Command History 


Release 1.1 Command was introduced. 


Usage Examples 





The following example shows the exit command being executed in the Global Configuration mode: 


(config)#exit 
# 


#- Enable Security mode command prompt 
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interface 


Use the interface command to activate the interface command set for the specified physical or virtual 
interface on an AOS unit. The following interfaces are considered physical interfaces and are available for 
configuration based upon the hardware installed (ADSL, BRI, DDS, DSX-1, E1, Ethernet, FDL, FXO, 
FXS, G.703, HSSI, modem, PRI, serial, SHDSL, T1, and T3). The following interfaces are considered 
virtual interfaces and are available for configuration depending on the type of unit and the features enabled 
(ATM, BVI, demand, Frame Relay, HDLC, loopback, port channel, PPP, tunnel, and VLAN). 


This command can be issued from the Global Configuration mode prompt or from any configuration mode 
to navigate to an interface configuration mode without issuing the exit command. The interface command 
is also used to create virtual interfaces (this only applies to ATM, demand, Frame Relay, HDLC, loopback, 
port channel, PPP, tunnel, and VLAN interfaces) prior to entering the configuration command set. 


Type interface ? for a complete list of valid interface types on the unit. Details about using the interface 
range command are provided on on page 671. Use the no form of this command to delete a configured 
interface. Variations of this command include: 


interface adsl <s/ot/port> 

interface atm <port / port.sublink> 
interface bri <s/ot/port> 

interface bvi <interface id> 

interface cellular <s/ot/port> 
interface dds <s/ot/port> 

interface demand <interface id> 
interface dot11ap <ap | ap/radio | ap/radio. vap> 
interface e1 <s/ot/port> 

interface ethernet <s/ot/port> 
interface fdl <s/ot/port> 

interface frame-relay <port / port.sublink> 
interface fxo <s/ot/port> 

interface fxs <s/ot/port> 

interface gigabit-ethernet <s/ot/port> 
interface hdlc <interface id> 
interface hssi <s/ot/port> 

interface loopback <interface id> 
interface modem <si/ot/port> 
interface port-channel </nterface id> 
interface ppp <interface id> 
interface pri <s/ot/port> 

interface serial <s/ot/port> 

interface shdsl <s/ot/port> 

interface switchport <s/ot/port> 
interface t1 <s/ot/port> 

interface t3 <s/ot/port> 

interface tunnel <interface id> 
interface vian <interface id> 
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Syntax Description 





adsl <s/ot/port> 


atm <port / port.sublink> 


bri <s/ot/port> 


bvi <interface id> 


cellular <s/ot/port> 


dds <s/ot/port> 


demand <interface id> 


doti1ap <ap | ap/radio | ap/radio. vap> 


e1 <slot/port> 


ethernet <s/ot/port> 


fdl <s/ot/port> 


frame-relay <port / port.sublink> 


fxo <s/ot/port> 


fxs <slot/port> 


gigabit-ethernet <s/ot/port> 


Identifies asymmetric digital subscriber line (ADSL) interfaces. 
Slot and port number ranges are dependant upon the hardware 
installed in the unit. Type interface adsl ? for information 
regarding valid ranges. 


Identifies and creates asynchronous transfer mode (ATM) virtual 
interfaces or subinterfaces. Port number range is 1 to 1024. 
Sublink number range is 1 to 65,535. 


Identifies basic rate interfaces (BRIs). Slot and port number 
ranges are dependant upon the hardware installed in the unit. 
Type interface bri ? for information regarding valid ranges. 


Identifies bridged virtual interfaces (BVIs). This ID must 
correspond to an existing bridge-group. Valid range is 1 to 255. 


Identifies cellular interfaces. Slot numbers are either 0 or 1. Port 
numbers begin at 1 with a range dependent on the unit. 


Identifies digital data service (DDS) interfaces. Slot and port 
number ranges are dependant upon the hardware installed in the 
unit. Type interface dds ? for information regarding valid ranges. 


Identifies and creates demand routing interfaces. Valid range is 
1 to 1024. 


Identifies wireless access point (AP), radio, and/or virtual access 
point (VAP) interfaces. The AP number range is 1 to 8. The radio 
is either 1 or 2. The VAP number range is 1 to 8. 


Identifies E1 interfaces. Slot and port number ranges are 
dependant upon the hardware installed in the unit. Type interface 
e1 ? for information regarding valid ranges. 


Identifies Ethernet interfaces. Slot and port number ranges are 
dependant upon the hardware installed in the unit. Type interface 
ethernet ? for information regarding valid ranges. 


Identifies facility datalink (FDL) interfaces. Slot and port number 
ranges are dependant upon the hardware installed in the unit. 
Type interface fdl ? for information regarding valid ranges. 


Identifies and creates Frame Relay interfaces. Port number range 
is 1 to 1024. Sublink range is 1 to 1007. 


Identifies foreign exchange office (FXO) interfaces. Slot and port 
number ranges are dependant upon the hardware installed in the 
unit. Type interface fxo ? for information regarding valid ranges. 


Identifies foreign exchange station (FXS) interfaces. Slot and port 
number ranges are dependant upon the hardware installed in the 
unit. Type interface fxs ? for information regarding valid ranges. 


Identifies gigabit Ethernet interfaces. Slot and port number ranges 
are dependant upon the hardware installed in the unit. Type 
interface gigabit-ethernet ? for information regarding valid 
ranges. 
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hdic <interface id> 


hssi <s/ot/port> 


loopback <interface id> 
modem <siot/port> 


port-channel <interface id> 


ppp </interface id> 


pri <s/ot/port> 


serial <s/ot/port> 


shdsl <s/ot/port> 


switchport <s/ot/port> 


t1 <s/ot/port> 


t3 <s/ot/port> 


tunnel <interface id> 


vian <interface id> 


Default Values 


Identifies and creates high-level data link control (HDLC) 
interfaces. Valid range is 1 to 1024. 


Identifies high-speed serial interfaces (HSSIs). Slot and port 
number ranges are dependant upon the hardware installed in the 
unit. Type interface hssi ? for information regarding valid ranges. 


Identifies and creates loopback interfaces. Valid range is 1 to1024. 


Identifies analog modem interfaces. Slot and port number ranges 
are dependant upon the hardware installed in the unit. Type 
interface modem ? for information regarding valid ranges. 


Creates and configures link aggregation interfaces. Valid range is 
1 to 6. 


Identifies and creates Point-to-Point Protocol (PPP) interfaces. 
Valid range is 1 to 1024. 


Identifies primary rate interfaces (PRIs). Slot and port number 
ranges are dependant upon the hardware installed in the unit. 
Type interface pri ? for information regarding valid ranges. 


Identifies serial ports. Slot and port number ranges are dependant 
upon the hardware installed in the unit. Type interface serial ? for 
information regarding valid ranges. 


Identifies symmetric high-speed digital subscriber line (SHDSL) 
interfaces. Slot and port number ranges are dependant upon the 
hardware installed in the unit. Type interface shsdl ? for 
information regarding valid ranges. 


Identifies switch port interfaces. Slot and port number ranges are 
dependant upon the hardware installed in the unit. Type interface 
switchport ? for information regarding valid ranges. 


Identifies T1 interfaces. Slot and port number ranges are 
dependant upon the hardware installed in the unit. Type interface 
t1 ? for information regarding valid ranges. 

Identifies T3 interfaces. Slot and port number ranges are 
dependant upon the hardware installed in the unit. Type interface 
t3 ? for information regarding valid ranges. 

Identifies and creates generic routing encapsulation (GRE) tunnel 
interfaces. Valid range is 1 to 1024. 

Identifies and creates virtual local area network (VLAN) interfaces. 
Valid range is 1 to 4094. 





By default, an interface is inactive. To activate the interface, enter the no shutdown command from within 
the specific interface command set; for example, (config-ppp 7)#no shutdown. There are no default 


values for these commands. 
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Command History 





Release 1.1 Command was introduced. 

Release 3.1 Command expanded to include loopback interface. 

Release 8.1 Command expanded to include ATM interface. 

Release 9.1 Command expanded to include HDLC interface. 

Release 11.1 Command expanded to include demand, FXO, and PRI interfaces. 
Release 15.1 Command expanded to allow navigation from one interface to 


another without exiting the current configuration mode. Also 
expanded to include AP, radio, VAP, and BVI interfaces. 


Release 17.2 Command expanded to include cellular interface. 


Functional Notes 





When identifying a physical interface slot and port, keep the following in mind: 


¢ Built-in nonremovable interfaces are identified by slot 0. 
« Removable interfaces are identified by the physical labels on the slots. 
« Interfaces are numbered per slot, from left to right, starting with 1. 


Usage Examples 





The following example uses the interface command to navigate from the T1 Interface Configuration mode 
to a Frame Relay interface: 


(config)#interface t1 1/1 
(config-t1 1/1)#interface fr 7 
(config-fr 7)# 

The following examples activate the interface configuration mode for the specified interface type: 
For an ADSL interface: 
(config)#interface adsl 1/1 
(config-adsl 1/1)# 

For an ATM subinterface: 
(config)#interface atm 1.1 
(config-atm 1.1)# 

For a BRI interface: 


(config)#interface bri 1/2 
(config-bri 1/2)# 
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For a BVI interface: 


(config)#bridge irb 
(config)#interface bvi 1 
(config-bvi 1)# 


For a cellular interface: 
(config)#interface cellular 1/1 
(config-cellular 1/1)# 

For a DDS interface: 


(config)#interface dds 1/1 
(config-dds 1/1)# 


For a demand interface: 
(config)#interface demand 1 
(config-demand 1)# 

For an E1 interface: 
(config)#interface e1 1 
(config-e1 1)# 

For an Ethernet interface: 
(config)#interface ethernet 0/1 
(config-eth 0/1)# 

For an Ethernet subinterface: 
(config)#interface eth 0/1.1 
(config-eth 0/1.1)# 

For an FDL interface: 
(config)#interface fdl 1/1 
(config-fdl 1/1)# 

For a Frame Relay subinterface: 
(config)#interface frame-relay 1.16 
(config-fr 1.16)# 

For an FXO interface: 


(config)#interface fxo 0/1 
(config-fxo 0/1)# 
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For an FXS interface: 


(config)#interface fxs 2/1 
(config-fxs 2/1)# 


For a Gigabit Ethernet interface: 


(config)#interface gigabit-ethernet 0/3 
(config-giga-eth 0/3)# 


For an HDLC interface: 
(config)#interface hdlc 1 
(config-hdlc 1)# 

For an HSSI interface: 
(config)#interface hssi 1/1 
(config-hssi 1/1)# 

For a loopback interface: 
(config)#interface loopback 8 
(config-loop 8)# 

For a modem interface: 
(config)#interface modem 1/1 
(config-modem 1/1)# 

For a port channel interface: 
(config)#interface port-channel 6 
Creating Port Channel interface 6. 
(config-p-chan6)# 

For a PPP interface: 
(config)#interface ppp 100 
(config-ppp 100)# 

For a PRI interface: 
(config)#interface pri 2 
(config-pri 2)# 

For a serial interface: 


(config)#interface serial 1/1 
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(config-serial 1/1)# 


For an SHDSL interface: 
(config)#interface shdsl 1/1 
(config-shdsl 1/1)# 

For a switch port interface: 


(config)#interface switchport 0/2 
(config-swx 0/2)# 


For a T1 interface: 
(config)#interface t1 1/1 
(config-t1 1/1)# 

For a T3 interface: 
(config)#interface t3 1/1 
(config-t3 1/1)# 

For a tunnel interface: 
(config)#interface tunnel 300 
(config-tunnel 300)# 

For a VLAN interface: 
(config)#interface vlan 300 
(config-vlan 300)# 

For a wireless access point: 


(config)#interface dotitap 1/1.1 
(config-dot11 ap 1/1.1-bg)# 
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shutdown 
Use the shutdown command to disable the interface (both physical and virtual) so that no data will be 


passed through. Use the no form of this command to turn on the interface and allow it to pass data. By 
default, all interfaces are disabled. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all interfaces are disabled. 


Applicable Command Modes 





Applies to all interface mode command sets. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example administratively disables the modem interface: 


(config)#interface modem 1/2 
(config-modem 1/2)#shutdown 
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ENABLE MODE COMMAND SET 


To activate the Enable mode, enter the enable command at the Basic mode prompt. (If an enable password 
has been configured, a password prompt will display.) For example: 


>enable 
Password: XXXXXXX 
# 


In AOS Release 17.1, output modifiers were introduced for all show commands. These modifiers help 
specify the information displayed in the show command output.The modifiers are appended to the end of 
the show command, preceded by the pipe character (|), and followed by the <text> to exclude, include, or 
with which to begin the display. The following output modifiers are common for all show commands: 


| begin <text> Produces output that begins with lines, including the specified text and 
every line thereafter. 

| exclude <text> Produces output that excludes any lines containing the specified text. 

| include <texi> Produces output that only displays lines with the specified text. 


In the following example, the show command was modified to begin its display with the lines ip http 
server and display all lines thereafter: 


#show run | begin ip http server 
no ip http server 

no ip http secure-server 

no ip snmp agent 

no ip ftp server 

ip ftp server default-filesystem flash 
no ip scp server 


no ip sntp server 
| 


In the following example, the exclude modifier was used with the show command to exclude lines of text 
containing the words no shutdown: 


#show run interface ppp 1 | exclude no shutdown 
| 

| 

interface ppp 1 

ip address 10.2.0.1 255.255.255.0 

access-policy UNTRUSTED 

crypto map SITE2SITE 

no Ildp send-and-receive 


cross-connect 1 t1 1/1 1 ppp 1 
| 
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end 


In the following example, the include modifier was used with the show command to only display 
information about interfaces: 


#show run | include interface 
interface switchport 0/1 
interface switchport 0/2 
interface switchport 0/3 
interface switchport 0/4 
interface switchport 0/5 
interface switchport 0/6 
interface switchport 0/7 

etc. 


The following command is common to multiple command sets and is covered in a centralized section of 
this guide. For more information, refer to the section listed below: 


exit on page 51 
All other commands for this command set are described in this section in alphabetical order. 


clear commands begin on page 63 
clock auto-correct-dst on page 126 
clock no-auto-correct-dst on page 127 
clock set <time> <day> <month> <year> on page 128 
clock timezone <value> on page 129 
configure on page 132 

copy on page 133 

copy cflash on page 135 

copy console on page 138 

copy dynvoice-config on page 139 
copy flash on page 142 

copy http on page 145 

copy https on page 147 

copy running-config on page 149 
copy startup-config on page 152 

copy tftp on page 155 

copy xmodem on page 157 

debug commands begin on page 159 
dir on page 269 

disable on page 270 


erase on page 271 
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erase file-system cflash on page 272 

events on page 273 

exception report generate on page 274 
factory-default on page 275 

logout on page 276 

ping on page 277 

ping stack-member <number> on page 280 
reload on page 281 

reload dot11 interface dotllap <ap interface> on page 282 
run-tcl <filename> track <name> on page 283 
show commands begin on page 284 

sip check-sync on page 578 

telnet on page 579 

telnet stack-member <unit id> on page 5&1 
telnet vif <name> stack-member <number> on page 582 
terminal length <number> on page 583 
traceroute on page 584 

twping on page 585 

undebug all on page 587 

voice dsp capture on page 588 

vlan database on page 589 

voice loopback-call on page 590 

write on page 592 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 62 


Command Reference Guide Enable Mode Command Set 





clear access-list <name> 


Use the clear access-list command to clear all counters associated with all access control lists (ACLs) or a 
specified ACL. 


Syntax Description 


<name> Optional. Specifies the name (label) of an ACL. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example clears all counters for the access control list labeled MatchAll: 


>enable 
#clear access-list MatchAll 
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clear arp-cache 


Use the clear arp-cache command to remove all dynamic entries from the Address Resolution Protocol 
(ARP) cache table. Variations of this command include: 


clear arp-cache 
clear arp-cache vrf <name> 


Syntax Description 





vrf <name> Optional. Clears the ARP cache entry for a specific VRF. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release A1 Command was expanded to include the VRF parameter. 


Usage Examples 





The following example removes all dynamic entries from the ARP cache: 


>enable 
#clear arp-cache 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


64 


Command Reference Guide Enable Mode Command Set 





clear arp-entry </p address> 


Use the clear arp-entry command to remove a single entry from the Address Resolution Protocol (ARP) 
cache. Variations of this command include: 


clear arp-entry <ip address> 
clear arp-entry </p address> vrf <name> 


Syntax Description 





<ijpp address> Specifies a valid IP address to remove. IP addresses should be expressed 
in dotted decimal notation (for example, 10.10.10.1). 


vrf <name> Optional. Clears the ARP entry for a specific VRF. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release A1 Command expanded to include the VRF parameter. 


Usage Examples 





The following example removes the entry for 10.10.10.1 from the ARP cache: 


>enable 
#clear arp-entry 10.10.10.1 
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clear bridge <number> 


Use the clear bridge command to clear all counters associated with bridging (or for a specified bridge 
group). Variations of this command include: 


clear bridge 
clear bridge <number> 


Syntax Description 





<number> Optional. Specifies a single bridge group. Range is 1 to 255. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example clears all counters for bridge group 17: 


>enable 
#clear bridge 17 
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clear buffers max-used 


Use the clear buffers max-used command to clear the maximum-used statistics for buffers displayed in 


the show memory heap command. 


Syntax Description 


No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example clears the maximum-used buffer statics: 


>enable 
#clear buffers max-used 
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clear counters <interface> 


Use the clear counters command to clear all interface counters (or the counters for a specified interface). 


Syntax Description 





<interface> Specifies an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
dotttap 1/1.1. Type clear counters ? or show interface ? for a complete 
list of interfaces. 


Default Values 





No default values necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 9.1 Command was expanded to include HDLC and tunnel interfaces. 


Usage Examples 


The following example clears all counters associated with the Ethernet 0/1 interface: 


>enable 
#clear counters ethernet 0/1 
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clear counters media-gateway 


Use the clear counters media-gateway command to reset cumulative totals for all Realtime Transport 
Protocol (RTP) channels or for a specific RTP channel. Variations of this command include the following: 


clear counters media-gateway 
clear counters media-gateway channel <value> 


Syntax Description 





channel <value> Optional. Specifies the ID of a particular media-gateway channel to be reset 
(for example, 0/1.1). 


Default Values 





No default value is necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example resets the counters on media gateway channel 0/1.1: 


>enable 
#clear counters media-gateway channel 0/1.1 
Counters on media-gateway channel reset by console. 
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clear counters probe 


Use the clear counters probe command to reset counters on all probe objects or on a specific probe. 
Variations of this command include: 


clear counters probe 
clear counters probe <name> 


Syntax Description 





<name> Specifies a probe object to reset counter. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example resets the counters for all configured probes: 

>enable 

#clear counters probe 

The following example resets the counters only for the probe named probe_A: 


>enable 
#clear counters probe probe _ A 
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clear counters track 


Use the clear counters track command to reset counters on all track objects or on a specifically named 
track. 


clear counters track 
clear counters track <name> 


Syntax Description 





<name> Specifies a track object to reset counter. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example resets the counters for all configured tracks: 

>enable 

#clear counters track 

The following example resets the counters only for the track named track_1: 


>enable 
#clear counters track track_1 
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clear counters vian <vian id> 


Use the clear counters vlan command to reset counters on the specified virtual local area network 
(VLAN) interface. 


Syntax Description 
<vian id> Specifies a valid VLAN interface ID. Range is 1 to 4094. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example resets the counters on VLAN interface 7: 


>enable 
#clear counters vian 7 
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clear counters voice-trunk 


Use the clear counters voice-trunk command to reset counters on all voice trunks or on a specific voice 
trunk. Variations of this command include: 


clear counters voice-trunk all 
clear counters voice-trunk <irunk id> 


Syntax Description 





all Clears all voice trunk counters. 


<trunk id> Specifies clearing a specific voice trunk using the trunk's 2-digit identifier 
following T (for example, T01). 


Default Values 





No default value is necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example resets the counters for all configured voice trunks: 


>enable 
#clear counters voice-trunk all 
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clear crypto ike sa 


Use the clear crypto ike sa command to clear existing IKE security associations (SAs). Use the policy and 
remote-id options to clear specific SAs without clearing them all. Variations of this command include: 


clear crypto ike sa 
clear crypto ike sa policy <value> 
clear crypto ike sa remote-id <remote id> 


Syntax Description 





policy <value> Optional. Removes all IKE SAs associated with the specified policy priority 
value. This number is assigned using the command crypto ike on page 648. 


remote-id <remote id> Optional. Removes all IKE SAs associated with the specified IKE remote ID. A 
delete payload is sent to the peers prior to deletion of the SA. This 
command is preferred to the clear crypto ike sa policy <va/lue> command 
when multiple unique SAs have been created on the same IKE policy, but 
the user wants to delete only the SA to a unique peer. 


Default Values 





No default value necessary for this command. 


Command History 


Release 4.1 Command was introduced. 
Release 12.1 Command was expanded to include policy and remote-id. 


Usage Examples 





The following example clears the entire database of IKE SAs (including the active associations): 


>enable 
#clear crypto ike sa 


The following example clears IKE SAs associated with policy 101: 


>enable 
#clear crypto ike sa policy 101 


The following example clears an IKE SA associated with remote-id netvanta: 


>enable 
#clear crypto ike sa remote-id netvanta 
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clear crypto ipsec sa 


Use the clear crypto ipsec sa command to clear existing IPSec security associations (SAs), including 
active ones. Variations of this command include the following: 


clear crypto ipsec sa 

clear crypto ipsec sa entry <ijp address> ah <SPI> 
clear crypto ipsec sa entry <ip address> esp <SP/> 
clear crypto ipsec sa map <name> 

clear crypto ipsec sa peer </p address> 

clear crypto ipsec sa remote-id <remote-id> 


Syntax Description 





entry <ip address> Optional. Clears only the SAs related to the specified destination IP 
address. IP addresses should be expressed in dotted decimal notation (for 
example, 10.10.10.1). 


ah <SPIl> Optional. Clears only a portion of the SAs by specifying the authentication 
header (AH) protocol and a security parameter index (SPI). You can 
determine the correct SPI value using the show crypto ipsec sa 
command. 


esp <SPI> Optional. Clears only a portion of the SAs by specifying the encapsulating 
security payload (ESP) protocol and an SPI. You can determine the correct 
SPI value using the show crypto ipsec sa command. 

map <name> Optional. Clears only the SAs associated with the specified crypto map. 

peer <ip address> Optional. Clears only the SAs associated with the specified far-end IP 
address. IP addresses should be expressed in dotted decimal notation (for 
example, 10.10.10.1). 

remote-id <remote-id> Optional. Removes all IPSec SAs associated with the specified IPSec remote 
ID. 


Default Values 





No default value necessary for this command. 


Command History 





Release 4.1 Command was introduced. 
Release 15.1 Added remote-id option. 
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Usage Examples 





The following example clears all IPSec SAs: 


>enable 
#clear crypto ipsec sa 


The following example clears the IPSec SA used for ESP traffic with the SPI of 300 to IP address 
63.97.45.57: 


>enable 
#clear crypto ipsec sa entry 63.97.45.57 esp 300 
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clear dot11 client <mac address> 


Use the clear dot11 client command to disassociate with the client that has the specified media access 
control (MAC) address. 


Syntax Description 


<mac address> Specifies the MAC address of the client for which disassociation is desired. 
MAC addresses should be expressed in the following format: 
XXIXXIXXIXX:XX:XX (for example, 00:A0:C8:00:00:01). 


Default Values 





No default values necessary for this command. 


Command History 





Release15.1 Command was introduced. 


Usage Examples 
The following example disassociates with a client with the MAC address 00:40:96:AB:38:5E: 





>enable 
#clear dot11 client 00:40:96:AB:38:5E 


This Station has been removed. 
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clear dump-core 


The clear dump-core command clears diagnostic information appended to the output of the show version 
command. This information results from an unexpected unit reboot. 


Syntax Description 


No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example clears the entire database of IKE SAs (including the active associations): 


>enable 
#clear dump-core 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 78 


Command Reference Guide Enable Mode Command Set 





clear event-history 


Use the clear event-history command to clear all messages logged to the local event-history. 





Messages cleared from the local event-history (using the clear event-history command) are 
au no longer accessible. 


7 





Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example clears all local event-history messages: 


>enable 
#clear event-history 
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clear gvrp statistics 


Use the clear gvrp statistics command to clear counter statistics on GARP VLAN Registration Protocol 
(GVRP) interfaces. Variations of this command include: 


clear gvrp statistics all 
clear gvrp statistics interface <interface> 


Syntax Description 





all Clears the information for all GVRP interfaces. 


interface <interface> Clears the information for the specified interface. Specify an interface in the 
format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type clear gvrp statistics 
interface ? for a complete list of applicable interfaces. 


Default Values 





There are no default settings for this command. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example clears counter statistics on the GVRP interfaces: 


>enable 
#clear gvrp statistics all 
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clear host 


Use the clear host command to clear a host name when using the domain naming system (DNS) proxy. 
Variations of this command include: 


clear host * 
clear host <hostname> 
clear host vrf <name> <hostname> 


Syntax Description 





* Clears all hosts from the host table. 
<hostname> Clears a specific host entry from the host-to-address table. 
vrf <name> Optional. Clears the host table entry for a specific VRF. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 16.1 Command was expanded to include VRF parameter. 


Functional Notes 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example clears all dynamic host names: 


>enable 
#clear host * 
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clear ip bgp 


Use the clear ip bgp command to clear Border Gateway Protocol (BGP) neighbors as specified. Variations 
of this command include: 


clear ip bgp [* | <number> | <ip address>] in 
clear ip bgp [* | <number> | <ip address>] out 
clear ip bgp [* | <number> | <ip address>] soft 


Syntax Description 





- Clears all BGP neighbors. 

<number> Clears all BGP neighbors with the specified autonomous system (AS) 
number. Range is 1 to 65,535. 

<ijp address> Clears the BGP neighbor with the specified IP address. IP addresses 


should be expressed in dotted decimal notation (for example, 10.10.10.1). 


in Causes a soft reset inbound with a neighbor, reprocessing routes 
advertised by that neighbor. 


out Causes a soft reset outbound with a neighbor, resending advertised routes 
to that neighbor. 


soft Causes a soft reset both inbound and outbound. 


Default Values 


No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





The clear ip bgp command must be issued to re-initialize the BGP process between the peers matching 
the given arguments. Most neighbor changes, including changes to prefix-list filters, do not take effect until 
the clear command is issued. A hard reset clears the TCP connection with the specified peers, which 
results in clearing the table. This method of clearing is disruptive and causes peer routers to record a route 
flap for each route. 


The out version of this command provides a soft reset out to occur by causing all routes to be re-sent to 
the specified peer(s). TCP connections are not torn down, so this method is less disruptive. Output 
filters/policies are re-applied before sending the update. 


The in version of this command provides a soft reset in to occur by allowing the router to receive an 
updated table from a peer without tearing down the TCP connection. This method is less disruptive and 
does not count as a route flap. Currently, all of the peer's routes are stored permanently, even if they are 
filtered by a prefix list. The command causes the peer's routes to be reprocessed with any new 
parameters. 
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Usage Examples 





The following example causes a hard reset with peers with an AS number of 101: 


>enable 
#clear ip bgp 101 
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clear ip cache 


Use the clear host command to clear a host name when using the domain naming system (DNS) proxy. 
Variations of this command include: 


clear host * 
clear host <hostname> 
clear host vrf <name> <hostname> 


Syntax Description 





* Clears all hosts from the host table. 
<hostname> Clears a specific host entry from the host-to-address table. 
vrf <name> Optional. Clears the host table entry for a specific VRF. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 16.1 Command was expanded to include VRF parameter. 


Functional Notes 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example clears all dynamic host names: 


>enable 
#clear host * 
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clear ip cache 


Use the clear ip cache command to delete cache table entries. Add the counters parameter to reset the 
counters on the cache table. The command can be limited to a specific VRF. Variations of this command 
include: 


clear ip cache 

clear ip cache counters 

clear ip cache vrf <name> 

clear ip cache vrf <name> counters 


Syntax Description 





counters Optional. Resets counters in the cache table. 
vrf <name> Optional. Clears all fast-cache entries for a specific VRF. 


Default Values 


No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 14.1 Command was expanded to include the counters parameter. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example removes all entries from the cache table: 
>enable 

#clear ip cache 

The following example resets all fast-cache entries just for the VRF RED: 


>enable 
#clear ip cache vrf RED counters 
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clear ip dhcp-server binding 


Use the clear ip dhcp-server binding command to clear DHCP server binding entries. Variations of this 


command include: 


clear ip dhcp-server binding * 

clear ip dhcp-server binding <ip address> 

clear ip dhcp-server binding vrf <name> * 

clear ip dhcp-server binding vrf <name> <ip address> 


Syntax Description 





* Clears all automatic DHCP server binding entries. 
vrf <name> Clears DHCP server binding entries on the specified VRF. 
<ijp address> Clears a specific DHCP server binding. 


Default Values 





No default value necessary for this command. 


Command History 





Release 16.1 Command was introduced. 
Release 17.1 Command was expanded to include the VRF parameter. 


Usage Examples 





The following example clears all DHCP server bindings on the default VRF: 


>enable 
#clear ip dhcp-server binding * 


The following example clears all DHCP server bindings from the VRF RED: 


>enable 
#clear ip dhcp-server binding vrf RED * 
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clear ip ffe 


Use the clear ip ffe command to remove the RapidRoute Engine (formerly FFE) entries on all interfaces or 
on a specific ingress interface. Variations of this command include: 


clear ip ffe <interface> 


Syntax Description 


<interface> Specifies an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type clear ip ffe? for a complete list of valid interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example clears all FFE entries for the Ethernet 0/1 interface: 


>enable 
#clear ip ffe ethernet 0/1 
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clear ip flow stats 


Use the clear ip flow stats command to clear all statistics associated with an integrated traffic monitoring 
(ITM) observation point. 


Syntax Description 


No subcommanas. 


Default Values 





No default values necessary for this command. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example clears all ITM statistics associated with an observation point: 


#clear ip flow stats 
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clear ip flow top-talkers 


Use the clear ip flow top-talkers command to clear all statistics associated with Integrated Traffic 
Monitoring (ITM) Top Talker listings. 


Syntax Description 


No subcommanas. 


Default Values 





No defaults are associated with this command. 


Command History 





Release 17.1 Command was introduced. 


Usage Examples 





The following example clears all Top Talker statistics: 


#clear ip flow top-talkers 
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clear ip igmp group 


Use the clear ip igmp group command to clear entries from the Internet Group Management Protocol 
(IGMP) tables. If no address or interface is specified, all nonstatic IGMP groups are cleared with this 


command. Variations of this command include: 
clear ip igmp group 


clear ip igmp group <multicast address> 
clear ip igmp group <interface> 


Syntax Description 





<multicast address> Optional. Clears the IGMP tables of a specific multicast group IP address. The 
multicast group IP address range is 244.0.0.0 to 239.255.255.255 or 
224.0.0.0 /4. 

<interface> Optional. Clears the IGMP tables of all interfaces of the specified type or a 


specific interface of a particular type. Specify an interface in the format 
<interface type [slot/port | slot/port.subinterface id | interface id | interface 
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for a T1 


interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a PPP 


interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 


wireless virtual access point, use dot11ap 1/1.1. Type clear ip igmp group 


? for a list of valid interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 7.1 Command was introduced. 


Release 9.1 Command was expanded to include HDSL and tunnel interfaces. 


Usage Examples 


The following example shows output for the show igmp groups command before and after a 
clear ip igmp group command is issued. This example clears the IGMP entry that was registered 
dynamically by a host. Interfaces that are statically joined are not cleared: 


>enable 

#show ip igmp groups 

IGMP Connected Group Membership 

Group Address Interface Uptime Expires Last Reported 
239.192.19.136 eth 0/1 01:38:42 00:01:48 10.100.13.240 
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clear ip ospf 


Use the clear ip ospf command to reset open shortest path first (OSPF) information. Variations of this 


command include: 


clear ip ospf process 
clear ip ospf redistribution 


Syntax Description 





process Restarts the OSPF process. 


redistribution Refreshes routes redistributed over OSPF. 


Default Values 





No default value necessary for this command. 


Command History 


Release 11.1 Command was introduced. 


Usage Examples 





The following example resets the OSPF process: 


>enable 
#clear ip ospf process 
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clear ip policy-sessions 


Use the clear ip policy-sessions command to clear policy class sessions. You may clear all the sessions or 
a specific session. Use the show ip policy-sessions command to view a current session listing. The 
following lists the complete syntax for the clear ip policy-sessions commands: 


clear ip policy-sessions 


clear ip policy-sessions <class name> [ahp | esp | gre | icmp | tcp | udp | <protocol>] <source ip> 
<source port> <dest ip> <dest port> 

clear ip policy-sessions <class name> [ahp | esp | gre | icmp | tcp | udp | <protocol>] <source ip> 
<source port> <dest ip> <dest port> [destination | source] <nat jp> <nat port> 

clear ip policy-sessions any-vrf 

clear ip policy-sessions vrf <name> 

clear ip policy-sessions vrf <name> <policy class name> [ahp | esp | gre | icmp | tcp | udp | 
<protocol>] <source ip> <source port> <dest ip> <dest port> 

clear ip policy-sessions vrf <name> <policy class name> [ahp | esp | gre | icmp | tcp | udp | 
<protocol>] <source ip> <source port> <dest ip> <dest port> [destination | source] <nat ip> 


<nat port> 


Syntax Description 





<class name> 


ahp 

esp 

gre 

icmp 

tcp 

udp 
<protocol> 
<source ip> 


<source port> 


<dest ip> 


<dest port> 


[destination | source] 


<nat ip> 


<nat port> 


Alphanumeric descriptor for identifying the configured access policy 
(access policy descriptors are not case sensitive). 


Specifies Authentication Header Protocol (AHP). 

Specifies Encapsulating Security Payload Protocol (ESP). 

Specifies General Routing Encapsulation Protocol (GRE). 

Specifies Internet Control Message Protocol (ICMP). 

Specifies Transmission Control Protocol (TCP). 

Specifies Universal Datagram Protocol (UDP). 

Specifies a protocol. Valid range is 0 to 255. 

Specifies the source IP address. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 

Specifies the source port (in hex format AHP, ESP, and GRE; decimal for all 
other protocols). 

Specifies the destination IP address. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 

Specifies the destination port (in hex format for AHP, ESP, and GRE; 
decimal for all other protocols). 

For NAT sessions, this specifies whether to select a NAT source or NAT 
destination session. 

For NAT sessions, this specifies the NAT IP address. IP addresses should 
be expressed in dotted decimal notation (for example, 10.10.10.1). 

For NAT sessions, this specifies the NAT port (in hex format for AHP, ESP, 
and GRE; decimal for all other protocols). 
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vrf <name> Optional. Specifies the VRF instance to impact. Executing the 
abovementioned commands without specifying a VRF will only affect the 
default unnamed VRF. 


Default Values 





No default value necessary for this command. 


Command History 





Release 2.1 Command was introduced. 
Release 17.1 Command was expanded to include the VRF parameter. 


Functional Notes 





The second half of this command, beginning with the source IP address, may be copied and pasted from a 
row in the show ip policy-sessions table for easier use. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example clears the Telnet association (TCP port 23) for policy class pclass1 with source IP 
address 192.22.71.50 and destination 192.22.71.130: 


>enable 
#clear ip policy-sessions pclass1 tcp 192.22.71.50 23 192.22.71.130 23 


The following example clears all policy class sessions for the VRF instance named RED: 


>enable 
#clear ip policy-sessions vrf RED 
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clear ip policy-stats 


Use the clear ip policy-stats command to clear statistical counters for policy classes. Variations of this 
command include: 


clear ip policy-stats 
clear ip policy-stats <name> 
clear ip policy-stats <name> entry <number> 


Syntax Description 





<name> Optional. Specifies the policy class to clear. If no policy class is specified, 
statistics are cleared for all policies. 


entry <number> Optional. Clears the statistics of a specific policy class entry. 


Default Values 





No default value necessary for this command. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following example clears statistical counters for all policy classes: 


>enable 
#clear ip policy-stats 


The following example clears statistical counters for the policy class MatchALL: 


>enable 
#clear ip policy-stats MatchALL 
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clear ip prefix-list <name> 


Use the clear ip prefix-list command to clear the IP prefix list hit count shown in the show ip prefix-list 
detail command output. Refer to show ip prefix-list on page 412 for more information. 


Syntax Description 


<name> Clears the count statistics of the specified IP prefix list. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example clears the hit count statistics for prefix list test: 


>enable 
#clear ip prefix-list test 
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clear ip route 


Use the clear ip route command to remove all learned routes from the IP route table. Static and connected 
routes are not cleared by this command. The command can be limited to a specific VRF. Variations of this 
command include: 


clear ip route * 

clear ip route </p address> <subnet mask> 

clear ip route vrf <name> * 

clear ip route vrf <name> <ip address> <subnet mask> 


Syntax Description 





Deletes all destination routes. 

<ip address> Specifies the IP address of the destination routes to be deleted. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 

<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 


(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


vif <name> Optional. Clears the IP route table for the specified VRF. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example removes all learned routes from the route table: 


>enable 
#clear ip route * 
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The following example removes all learned routes from the route table on the VRF RED: 


>enable 
#clear ip route vrf RED * 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 97 


Command Reference Guide Enable Mode Command Set 





clear ip rtp quality-monitoring 


Use the clear ip rtp quality-monitoring command to clear various voice quality monitoring (VQM) 
statistics and metrics from the call history, active calls, and all interfaces. Variations of this command 
include: 


clear ip rtp quality-monitoring 
clear ip rtp quality-monitoring call-history 
clear ip rtp quality-monitoring interface <interface> 


Syntax Description 





call-history Optional. Removes call statistics from the call history only. 


interface <interface> Optional. Clears all interface VQM statistics for the specified interface. 
Specifies an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type clear ip rtp quality-monitoring interface ? for a valid 
list of interfaces. 


Default Values 


No default values necessary for this command. 


Command History 





Release 17.1 Command was introduced. 
Release A1 Command was included in the AOS voice products. 


Usage Examples 





The following example clears IP RTP quality-monitoring metrics from the call history: 


>enable 
#clear ip rtp quality-monitoring call-history 
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clear ip urlfilter statistics 


Use the clear ip urlfilter statistics command to clear all statistics counters for uniform resource locator 
(URL) filter requests and responses. 


Syntax Description 


No subcommanas. 


Default Values 





No default necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example clears all counters for URL filter requests and responses: 


>enable 
#clear ip urlfilter statistics 
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clear ip urlfilter top-websites 


Use the clear ip urlfilter top-websites command to clear all statistics for top websites reporting. 


Syntax Description 





No subcommanas. 


Default Values 





No default necessary for this command. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example clears all statistics for top websites reporting: 


>enable 
#clear ip urlfilter top-websites 
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clear Ildp counters interface <interface> 


Use the clear Ildp counters interface command to reset all Link Layer Discovery Protocol (LLDP) packet 
counters to zero on all interfaces. 


Syntax Description 


<interface> Clears the information for the specified interface. Specify an interface in the 
format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for a 
wireless virtual access point, use dot11ap 1/1.1. Type clear Ildp counters 
interface ? for a complete list of applicable interfaces. 


Default Values 





There are no default settings for this command. 


Command History 


Release 8.1 Command was introduced. 


Usage Examples 





The following example resets all LLDP counters: 


>enable 
#clear Ildp counters 
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clear Ildp neighbors 
Use the clear Ildp neighbors command to remove all neighbors from this unit’s database. As new Link 


Layer Discover Protocol (LLDP) frames are received, the database will contain information about 
neighbors included in those frames. 


Syntax Description 





No subcommanas. 


Default Values 





There are no default settings for this command. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command generates output indicating the names of any neighbors deleted from the database and the 
name of the interface on which the neighbor was learned. 


Usage Examples 





The following example clears LLDP neighbor Switch_1 from the Ethernet interface 0/7: 


>enable 

#clear Ildp neighbors 

LLDP: Deleted neighbor “Switch_1” on interface eth 0/7 
# 
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clear mac address-table dynamic 


Use the clear mac address-table dynamic command to remove dynamic media access control (MAC) 
addresses from the MAC address table. Variations of this command include: 


clear mac address-table dynamic <interface> 
clear mac address-table dynamic address <mac address> 


Syntax Description 





<interface> Removes the MAC address of the specified interface. Specify an interface 
in the format <interface type [slot/port | slot/port.subinterface id | interface id 
| interface id.subinterface id | ap | ap/radio | ap/radio. vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type clear mac 
address-table dynamic interface ? for a complete list of applicable 
interfaces. 


address <mac address> Removes a specific MAC address from the table. MAC addresses should 
be expressed in the following format xx:xx:xx:xx:xx:xx (for example, 
00:A0:C8:00:00:01). 


Default Values 


No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 
The following example removes the dynamic address A0:B1:C2:D3:E4:A1 from the MAC address table: 


>enable 
#clear mac address-table dynamic address A0:B1:C2:D3:E4:A1 


The following example removes all dynamic addresses from the MAC address table: 


>enable 
#clear mac address-table dynamic 
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clear mac address-table multicast 


Use the clear mac address-table multicast command to clear all entries in the multicast address 
resolution lookup (ARL) table or filter the entries based on certain criteria. Variations of this command 
include: 


clear mac address-table multicast 

clear mac address-table multicast igmp-snooping 

clear mac address-table multicast user 

clear mac address-table multicast vlan <vian id> 

clear mac address-table multicast vlan <vian id> igmp-snooping 
clear mac address-table multicast vlan <vian id> user 


Syntax Description 





igmp-snooping Clears entries in the multicast ARL table that were added dynamically (via 
IGMP snooping). 

user Clears entries in the multicast ARL table that were added statically (by the 
user). 

vlan <vian id> Clears entries in the multicast ARL table based on VLAN. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example removes the entries in the multicast ARL table for VLAN 200: 


>enable 
#clear mac address-table multicast vlan 200 
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clear mail-client body <agent name> 


Use the clear mail-client body command to clear the body text of the pending email message for a specific 
mail agent. 


Syntax Description 


<agent name> Specifies which mail agent body text is cleared. 


Default Values 





No default values are associated with this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example clears pending email body text for mail agent myagent: 


>enable 
#clear mail-client body myagent 
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clear mail-client counters 


Use the clear mail-client counters command to clear all statistical counters associated with all mail 
agents. Variations of this command include: 


clear mail-client counters 
clear mail-client counters <agent name> 


Syntax Description 





<agent name> Optional. Specifies that only a specific mail agent’s counters are cleared. 


Default Values 





No default values are associated with this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example clears all counters for all configured mail agents: 


>enable 
#clear mail-client counters 
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clear ntp 


Use the clear ntp command to restart the Network Time Protocol (NTP) daemon. 


Syntax Description 





No subcommanas. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example restarts the NTP daemon: 


>enable 
#clear ntp 
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clear port-security 


Use the clear port-security command to clear the dynamic or sticky secure media access control (MAC) 
addresses associated with an interface. This can be done on a per-address or per-port basis. Variations of 
this command include the following: 


clear port-security dynamic address <mac address> 
clear port-security dynamic interface <interface> 
clear port-security sticky address <mac address> 
clear port-security sticky interface <interface> 


Syntax Description 





dynamic Clears the dynamic MAC addresses. 
sticky Clears the sticky secure MAC addresses. 
address <mac address> Clears the information for the specified MAC address. MAC addresses 


should be expressed in the following format xx:xx:xx:xx:xx:xx (for example, 
00:A0:C8:00:00:01). 

interface <interface> Clears the information for the specified interface. Specify an interface in the 
format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for a 
wireless virtual access point, use dot11ap 1/1.1. Type clear port-security 
sticky interface ? or clear port-security dynamic interface ? for a 
complete list of applicable interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following command clears all dynamic secure MAC addresses associated with the Ethernet interface 
0/1: 


>enable 
#clear port-security dynamic interface eth 0/1 
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clear port-security violation-count </nterface> 


Use the clear port-security violation-count command to clear the violation count associated with a 
particular interface. 


Syntax Description 


<interface> Clears the information for the specified Ethernet interface. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
clear port-security violation-count interface ? for a complete list of 
applicable interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following command clears the violation count associated with the Ethernet interface 0/1: 


>enable 
#clear port-security violation-count eth 0/1 
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clear pppoe </interface> 


Use the clear pppoe command to terminate the current PPPoE client session and cause AOS to attempt to 
re-establish the session. 


Syntax Description 


<interface> Specifies the PPP interface ID number to clear. Specify an interface in the 
format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type clear pppoe ? for a 
complete list of valid interfaces. 


Default Values 





No default value necessary for this command. 


Command History 


Release 5.1 Command was introduced. 


Usage Examples 





The following example ends the current PPPoE client session for ppp 1: 


>enable 
#clear pppoe 1 
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clear probe responder 


Use the clear probe responder command to remove entries from the probe responders. Variations of this 
command include: 


clear probe responder counters 

clear probe responder icmp-timestamp counters 
clear probe responder twamp counters 

clear probe responder udp-echo counters 


Syntax Description 





counters Clears the probe responder counters. 


icmp-timestamp Clears the Internet Control Message Protocol (ICMP) timestamp probe 
responder counters. 


twamp Clears the Two-way Active Measurement Protocol (TWAMP) probe 
responder counters. 


udp-echo Clears the User Datagram Protocol (UDP) echo probe responder counters. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example removes the TWAMP responder counters: 


>enable 
#clear probe responder twamp counters 
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clear processes cpu max 


Use the clear processes cpu max command to clear the maximum CPU usage statistic which is displayed 


in the show process cpu command output. 


Syntax Description 


No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example resets the CPU maximum usage statistics: 


>enable 
#clear process cpu max 
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clear processes queue 


Use the clear processes queue command to clear the contents of the system processing queues. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example clears the contents of the system processing queues: 


>enable 
#clear process queue 
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clear qos map 


Use the clear qos map command to clear the statistics for all defined quality of service (QoS) maps or for 
maps meeting user-configured specifications. Variations of this command include the following: 


clear qos map 

clear qos map <name> 

clear qos map <name> <number> 
clear qos map interface </nterface> 


Syntax Description 





<name> Optional. Clears the statistics of a defined QoS map. 

<number> Optional. Clears the statistics for one of the map’s specified sequence 
numbers. 

interface <interface> Optional. Clears QoS map statistics for the specified interface. Specify an 


interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1.Type 
clear qos map interface ? for a complete list of applicable interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example clears statistics for all defined QoS maps: 


#clear qos map 


The following example clears statistics for all entries in the priority QoS map: 


#clear qos map priority 


The following example clears statistics in entry 10 of the priority QoS map: 


#clear qos map priority 10 
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The following example clears QoS statistics for a specified interface: 


#clear qos map interface frame-relay 1 





Statistics). 


Wo The clear counters command clears ALL interface statistics (including QoS map interface 
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clear relay 


Use the clear relay command to reset the door contact relay. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example resets the door contact relay: 


>enable 
#clear relay 
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clear route-map counters 


Use the clear route-map counters command to reset route map hit counters. Variations of this command 
include: 


clear route-map counters 
clear route-map counters <name> 


Syntax Description 





<name> Optional. Clears the counters for the specified route map. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example clears all route map counters: 


>enable 
#clear route-map counters 
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clear sip location <username> 


Use the clear sip location command to clear Session Initiation Protocol (SIP) location database statistics. 


Syntax Description 





<username> Clears the statistics for the specified user name. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example deletes all dynamic location entries: 


>enable 
#clear sip location ** 
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clear sip trunk-registration 


Use the clear sip trunk-registration command to clear local Session Initiation Protocol (SIP) registration 
information for one or more trunks. Variations of this command include: 


clear sip trunk-registration 
clear sip trunk-registration <7xx> 
clear sip trunk-registration <7xx> <trunk id> 


Syntax Description 





<Txx> Optional. Specifies the trunk to clear using its two-digit identifier. For 
example: T01. 


<trunk id> Optional. Clears the registration information for the specified trunk. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example clears SIP registration information for trunk 01: 


>enable 
#clear sip trunk-registration T01 
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clear sip user-registration 


Use the clear sip user-registration command to clear local Session Initiation Protocol (SIP) server 


registration information. 


Syntax Description 


No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example clears all SIP server registration information: 


>enable 
#clear sip user-registration 
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clear spanning-tree counters 


The clear spanning-tree counters command clears the following counts: BPDU transmit, BPDU receive, 
and number of transitions to forwarding state. Variations of this command include: 


clear spanning-tree counters 
clear spanning-tree counters interface <interface> 


Syntax Description 





interface <interface> Optional. Specifies a single interface. Specify an interface in the format 
<interface type [slot/port | slot/port.subinterface id | interface id | interface 
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for a T1 
interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora PPP 
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type clear spanning-tree 
counters ? for a complete list of interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example clears the spanning tree counters for Ethernet 0/10: 


>enable 
#clear spanning-tree counters interface eth 0/10 
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clear spanning-tree detected-protocols 


Use the clear spanning-tree detected-protocols command to restart the protocol migration process. 
Variations of this command include: 


clear spanning-tree detected-protocols 
clear spanning-tree detected-protocols interface <interface> 


Syntax Description 





interface <interface> Optional. Specifies a valid interface to clear. Specify an interface in the 
format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
aT1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type clear spanning-tree 
detected-protocols interface ? for a complete list of applicable interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The switch has the ability to operate using the rapid spanning-tree protocol or the legacy 802.1D version of 
spanning-tree. When a bridge protocol data unit (BPDU) of the legacy version is detected on an interface, 
the switch automatically regresses to using the 802.1D spanning-tree protocol for that interface. Issue the 
clear spanning-tree detected-protocols command to return to rapid spanning-tree operation. 


Usage Examples 





The following example re-initiates the protocol migration process on Ethernet interface 0/3: 


>enable 
#clear spanning-tree detected-protocols interface ethernet 0/3 


The following example re-initiates the protocol migration process on all interfaces: 


>enable 
#clear spanning-tree detected-protocols 
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clear tacacs+ statistics 


Use the clear tacacs+ statistics command to delete all terminal access controller access control system 


(TACACS+) protocol statistics. 


Syntax Description 


No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example clears all TACACS+ protocol statistics: 


>enable 
#clear tacacs+ statistics 
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clear user 


Use the clear user command to detach a user from a given line. Variations of this command include: 


clear user console <number> 
clear user ssh <number> 
clear user telnet <number> 


Syntax Description 





console <number> Detaches a specific console user. Valid range is 0 to 1. 
ssh <number> Detaches a specific secure shell (SSH) user. Valid range is 0 to 4. 
telnet <number> Detaches a specific Telnet user. Valid range is 0 to 5. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example detaches the console 1 user: 


>enable 
#clear user console 1 
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clear vrrp counters 


Use the clear vrrp counters command to clear the Virtual Router Redundancy Protocol (VRRP) statistics. 
The following are variations of this command: 


clear vrrp counters 
clear vrrp counters interface <interface> 
clear vrrp counters interface </nterface> group <number> 


Syntax Description 





interface <interface> Optional. Clears all VRRP statistics on the specified interface. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for an Ethernet subinterface, use eth 0/1.1; for a PPP interface, 
use ppp 1; for an ATM subinterface, use atm 1.1; and for a wireless virtual 
access point, use dot11ap 1/1.1. Type clear vrrp counters interface ? for 
a complete list of valid interfaces. 


group <number> Optional. Clears all VRRP statistics for the specified group on the specified 
interface. Group numbers range from 1 to 255. 


Default Values 





This command does not require default values. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





Although VRRP group virtual router IDs (VRIDs) can be numbered between 1 and 255, only two VRRP 
routers per interface are supported. 


Usage Examples 





The following example clears all VRRP group statistics on all interfaces: 


>enable 
#clear vrrp counters 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 125 


Command Reference Guide Enable Mode Command Set 





clock auto-correct-dst 


The clock auto-correct-dst command allows the automatic one-hour correction for Daylight Saving Time 
(DST). Use the clock no-auto-correct-dst command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default this command is enabled. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example allows for automatic DST correction: 


>enable 
#clock auto-correct-dst 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 126 


Command Reference Guide Enable Mode Command Set 





clock no-auto-correct-dst 


The clock no-auto-correct-dst command allows you to override the automatic one-hour correction for 
Daylight Saving Time (DST). 


Syntax Description 


No subcommanas. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





Many time zones include an automatic one-hour correction for daylight saving time at the appropriate time. 
You may override it at your location using this command. 


Usage Examples 





The following example overrides the one-hour offset for DST: 


>enable 
#clock no-auto-correct-dst 
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clock set <time> <day> <month> <year> 


Use the clock set command to configure the system software clock. For the command to be valid, all fields 
must be entered. Refer to the Usage Examples below for an example. 


Syntax Description 


<time> Sets the time (in 24-hour format) of the system software clock in the format 
HH:MM:SS (hours:minutes:seconds). 

<day> Sets the current day of the month. Valid range is 1 to 31. 

<month> Sets the current month. Valid range is January to December. You need only 
enter enough characters to make the entry unique. This entry is not case 
sensitive. 

<year> Sets the current year. Valid range is 2000 to 2100. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 


The following example sets the system software clock for 3:42 p.m., August 22, 2004: 


>enable 
#clock set 15:42:00 22 Au 2004 
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clock timezone <value> 


The clock timezone command sets the unit’s internal clock to the timezone of your choice. This setting is 
based on the difference in time (in hours) between Greenwich Mean Time (GMT) or Central Standard 
Time (CST) and the timezone for which you are setting up the unit. Use the no form of this command to 
disable this feature. 


Syntax Description 





<value> Clock timezone values are specified in the Functional Notes section for this 
command. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 11.1 Command was expanded to include clock timezone 0. 
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Functional Notes 





The following list shows sample cities and their timezone codes. 


clock timezone +1-Amsterdam 
clock timezone +1-Belgrade 
clock timezone +1-Brussels 
clock timezone +1-Sarajevo 
clock timezone +1-West-Africa 
clock timezone +10-Brisbane 
clock timezone +10-Canberra 
clock timezone +10-Guam 
clock timezone +10-Hobart 
clock timezone +10-Vladivostok 
clock timezone +11 

clock timezone +12-Auckland 
clock timezone +1 2-Fiji 

clock timezone +13 

clock timezone +2-Athens 
clock timezone +2-Bucharest 
clock timezone +2-Cairo 

clock timezone +2-Harare 
clock timezone +2-Helsinki 
clock timezone +2-Jerusalem 
clock timezone +3-Baghdad 
clock timezone +3-Kuwait 
clock timezone +3-Moscow 
clock timezone +3-Nairobi 
clock timezone +3:30 

clock timezone +4-Abu-Dhabi 
clock timezone +4-Baku 

clock timezone +4:30 

clock timezone +5-Ekaterinburg 
clock timezone +5-Ilslamabad 
clock timezone +5:30 

clock timezone +5:45 

clock timezone +6-Almaty 
clock timezone +6-Astana 
clock timezone +6-Sri-Jay 
clock timezone +6:30 

clock timezone +7-Bangkok 
clock timezone +7-Kranoyarsk 


clock timezone +8-Bejing 

clock timezone +8-Irkutsk 

clock timezone +8-Kuala-Lumpur 

clock timezone +8-Perth 

clock timezone +8- Taipei 

clock timezone +9-Osaka 

clock timezone +9-Seoul 

clock timezone +9-Yakutsk 

clock timezone +9:30-Adelaide 

clock timezone +9:30-Darwin 

clock timezone -1-Azores 

clock timezone -1-Cape-Verde 

clock timezone -10 

clock timezone -11 

clock timezone -12 

clock timezone -2 

clock timezone -3-Brasilia 

clock timezone -3-Buenos-Aires 

clock timezone -3-Greenland 

clock timezone -3:30 

clock timezone -4-Atlantic-Time 

clock timezone -4-Caracus 

clock timezone -4-Santiago 

clock timezone -5 

clock timezone -5-Bogota 

clock timezone -5-Eastern-Time 

clock timezone -6-Central-America 

clock timezone -6-Central-Time 

clock timezone -6-Mexico-City 

clock timezone -6-Saskatchewan 

clock timezone -7-Arizona 

clock timezone -7-Mountain-Time 

clock timezone -8 

clock timezone -9 

clock timezone 0-Universal Coordinated Time 
(UTC) 

clock timezone GMT-Casablanca 

clock timezone GMT-Dublin 
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Usage Examples 





The following example sets the timezone for Santiago, Chile. 


>enable 
#clock timezone -4-Santiago 
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configure 


Use the configure command to enter the Global Configuration mode or to configure the system from 
memory. Refer to Global Configuration Mode Command Set on page 593 for more information. Variations 
of this command include: 


configure memory 
configure network 
configure overwrite-network 
configure terminal 


Syntax Description 





memory Configures the active system with the commands located in the default 
configuration file stored in NVRAM. 

network Configures the system from a Trivial File Transfer Protocol (TFTP) network 
host. 

overwrite-network Overwrites NVRAM memory from a TFTP network host. 

terminal Enters the Global Configuration mode. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enters the Global Configuration mode from the Enable mode: 


>enable 
#configure terminal 
(config)# 
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copy 


Use the copy commands to copy the specified file from the source (flash memory) to the specified 
destination. 


Variations of this command (valid only on AOS units WITHOUT CompactFlash®) include: 


copy <sourcefile> <new file> 

copy <sourcefile> boot 

copy <sourcefile> default-config 

copy <sourcefile> interface <interface> 
copy <sourcefile> startup-config 


Syntax Description 





<sourcefile> Specifies the name of the file to copy. 

<new file> Makes a copy of the specified source file and saves it in flash memory using 
the specified new name. 

boot Copies the specified source file and overwrites the boot ROM. 

default-config Replaces the default configuration with the specified file copied from flash 
memory. 

interface <interface> Updates the specified interface using a copy of the specified file. Specify an 


interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
copy <sourcefile> interface ? to display a list of valid interfaces. 


startup-config Replaces the startup configuration with the specified file copied from flash 
memory. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 16.1 Command was expanded to include default-config. 
Release 17.2 Command was expanded to include cellular interface. 


Functional Notes 





Updates to the boot ROM are required periodically to enhance and expand the unit’s operation. The 
bootcode can be updated from within the CLI using the copy <sourcefile> boot command. 
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Usage Examples 





The following example copies the file myfile.biz (located in flash memory) and overwrites the boot ROM: 


>enable 

#copy myfile.biz boot 

Upgrading bootcode is a critical process that cannot be interrupted. If something were to happen and the 
process was not able to be completed, it would render your unit inoperable. It is for this reason that during 
a bootcode upgrade, all other system tasks will be halted. This means packets will not be routed, and all 
console sessions will not respond during the upgrade process. Once the process finishes, the system will 
function as it did before. This process will take approximately 20 seconds. 

Do you want to proceed? [yes/noly 


WARNING!! A bootcode upgrade has been initiated. Your session will become 
nonresponsive for the duration of the upgrade (approx. 20 seconds). A message 


will be sent when the upgrade is completed. 


Bootcode upgrade process done. Your session should function normally. 
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copy cflash 


Use the copy cflash command to copy files located on the CompactFlash® card to the specified 


destination. 


Variations of this command (valid only on AOS units WITH CompactFlash) include: 


copy cflash <sourcefile> boot 

copy cflash <sourcefile> cflash <new file> 

copy cflash <sourcefile> http <url> port <port> 
copy cflash <sourcefile> https <url> port <port> 
copy cflash <sourcefile> flash 

copy cflash <sourcefile> flash <new file> 

copy cflash <sourcefile> flash interface <interface> 
copy cflash <sourcefile> startup-config 


copy cflash tftp 


copy cflash xmodem 


Syntax Description 





<new file> 
boot 
cflash <new file> 


flash <new file> 


http <url> 


https <url> 


interface <interface> 


port <port> 


startup-config 


tftp 


Specifies the name of the file (located on the CompactFlash card) to copy. 
Copies the specified source file and overwrites the boot ROM. 


Copies the specified source file and saves it to the CompactFlash card 
using the specified new file name. 


Copies the specified source file and saves it to flash memory using the 
specified file name. 


Copies the specified source file and transfers it to a Hypertext Transfer 
Protocol (HTTP) server using the specified HTTP server URL. Use HTTP 
PUT operation. 


Copies the specified source file and transfers it to a secure socket 
Hypertext Transfer Protocol Secure (HTTPS) server using the specified 
HTTPS server URL. Use HTTPS PUT operation. 


Updates the specified interface using a copy of the specified file. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
copy cflash <sourcefile> interface ? to display a list of valid interfaces. 


Optional. Specifies the port used to transfer the specified file to an HTTP or 
HTTPS server. Range is 0 to 65,335. 

Replaces the startup configuration with the specified file copied from the 
CompactFlash card. 

Copies any file on the CompactFlash card to a specified Trivial File Transfer 
Protocol (TFTP) server. 





60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 135 


Command Reference Guide Enable Mode Command Set 





After entering copy cflash tftp, AOS prompts for the following information: 
Address of remote host: Specifies the IP address of the TFTP server. 


Source filename: Specifies the name of the file to copy to the TFTP 
server. 
Destination filename: Specifies the file name to use when storing the 


copied file on the TFTP server. (The file will be 
placed in the default directory established by the 
TFTP server.) 
xmodem Copies any file on the CompactFlash card (using the XMODEM protocol) to 

the terminal connected to the console port. XMODEM capability is provided 

in VT100 terminal emulation software, such as HyperTerminal™. 

After entering copy cflash xmodem, AOS prompts for the following 

information: 

Source filename: Specifies the name of the file to copy from 
CompactFlash to the connected terminal. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 16.1 Command was expanded to include HTTP and HTTPS. 
Release 17.2 Command was expanded to include cellular interface. 


Usage Examples 





The following example copies the source file myfile.biz (located on the CompactFlash card) to flash 
memory (naming the new file newfile.biz): 


>enable 
#copy cflash myfile.biz flash newfile.biz 
The following example creates a copy of the file myfile.biz (located on the CompactFlash card), names 


the new file newfile.biz, and places the new file on the installed CompactFlash card: 


>enable 
#copy cflash myfile.biz cflash newfile.biz 


The following example replaces the startup configuration file with the file newconfig.txt. 
>enable 


#copy cflash newconfig.txt startup-config 


The following example copies the file myfile.biz (located on the CompactFlash card) to the specified TFTP 
server: 
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>enable 

#copy cflash tftp 

Address of remote host?10.200.2.4 
Source filename myfile.biz 
Destination filename myfile.biz 
Initiating TFTP transfer... 

Received 45647 bytes. 

Transfer Complete! 


The following example copies the file myfile.biz (located on the CompactFlash card) to the connected 
terminal using XMODEM protocol: 


>enable 

#copy cflash xmodem 

Source filename myfile.biz 

Begin the Xmodem transfer now... 
Press CTRL+X twice to cancel 
CCCCCC 


AOS is now ready to transmit the file on the CONSOLE port (using the XMODEM protocol). The next step 
in the process may differ depending on the type of terminal emulation software you are using. For 
HyperTerminal, you will now select Transfer > Receive File and select the destination. Once the transfer 
is complete, information similar to the following is displayed: 


Received 231424 bytes. 
Transfer complete 
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copy console 


Use the copy console command to copy the console’s input to a text file. To stop copying to the text file, 
type <Ctrl+D>. The file will be saved in the AOS root directory. 


Variations of this command (valid only on AOS units WITHOUT CompactFlash® capability) include: 


copy console <filename> 


Variations of this command (valid only on AOS units WITH CompactFlash capability) include: 


copy console flash <filename> 


Syntax Description 





<filename> Copies the console input and saves it to flash memory using the specified 
file name. 

flash <filename> Copies the console input and saves it to flash memory using the specified 
file name. 


Default Values 





No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





The copy console command works much like a line editor. Prior to pressing <Enter>, changes can be 
made to the text on the line. Changes can be made using <Delete> and <Backspace> keys. The text can 
be traversed using the arrow keys, <Ctrl+A> (to go to the beginning of a line), and <Ctrl+E> (to go to the 
end of a line). To end copying to the text file, type <Ctrl+D>. The file will be saved in the AOS root 
directory. Use the dir command to see a list of files in the root directory. 


Usage Examples 





The following example copies the console input into the file config.txt (located in the AOS root directory): 


>enable 
#copy console flash config.txt 
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copy dynvoice-config 


Use the copy dynvoice-config command to copy the dynamic voice configuration file to the specified 
destination. 


Variations of this command (valid only on AOS units WITH CompactFlash® AND voice capability) 
include: 


copy dynvoice-config cflash </filename> 
copy dynvoice-config flash <filename> 
copy dynvoice-config http <url> 

copy dynvoice-config running-config 
copy dynvoice-config tftp 

copy dynvoice-config xmodem 


Syntax Description 


cflash <filename> Copies the dynamic voice configuration file and saves it to the 
CompactFlash card using the specified file name. 


flash <filename> Copies the dynamic voice configuration file and saves it to flash memory 
using the specified file name. 


http <url> Copies the dynamic voice configuration file and transfers it to a Hypertext 
Transfer Protocol (HTTP) server using the specified HTTP server URL. Use 
HTTP PUT operation. 


running-config Replaces the active running configuration with a copy of the dynamic voice 
configuration file. 


tftp Copies the dynamic voice configuration file and saves it to the specified 
Trivial File Transfer Protocol (TFTP) server. 


After entering copy dynvoice-config tftp, AOS prompts for the following 
information: 


Address of remote host: Specifies the IP address of the TFTP server. 


Source filename: Specifies the name of the file (located on the 
CompactFlash card) to copy to the TFTP server. 


Destination filename: Specifies the file name to use when storing the 
copied file on the TFTP server. (The file will be 
placed in the default directory established by the 
TFTP server.) 


xmodem Copies the dynamic voice configuration file (using the XMODEM protocol) 
and saves it to the terminal connected to the console port. XMODEM 
capability is provided in VT100 terminal emulation software, such as 
HyperTerminal™. 


After entering copy dynvoice-config xmodem, AOS prompts for the 

following information: 

Source filename: Specifies the name of the file to copy from 
CompactFlash to the connected terminal. 
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Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 16.1 Command was expanded to include HTTP. 


Usage Examples 





The following example copies the dynamic voice configuration file and saves it to the CompactFlash card 
using the name myvoice-config: 


>enable 
#copy dynvoice-config cflash myvoice-config 
Percent Complete 100% 


The following example copies the dynamic voice configuration file and saves it to flash memory using the 
name myvoice-config: 


>enable 
#copy dynvoice-config flash myvoice-config 
Percent Complete 100% 


The following example replaces the active running configuration with a copy of the dynamic voice 
configuration file: 


>enable 
#copy dynvoice-config running-config 
Percent Complete 100% 


The following example copies the dynamic voice configuration file and saves it to the TFTP server. 


>enable 

#copy dynvoice-config tftp 
Address of remote host?10.200.2.4 
Destination filename?myvoice-config 
Initiating TFTP transfer... 

Sent 5221 bytes. 

Transfer complete. 
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The following example copies the dynamic voice configuration file (using the XMODEM protocol) and 
saves it to the terminal connected to the console port: 


>enable 

#copy dynvoice-config xmodem 
Begin the Xmodem transfer now... 
Press CTRL+X twice to cancel 
CCCCCC 


AOS is now ready to transmit the file on the CONSOLE port (using the XMODEM protocol). The next step 
in the process may differ depending on the type of terminal emulation software you are using. For 
HyperTerminal, you will now select Transfer > Receive File and select the destination. Once the transfer 
is complete, information similar to the following is displayed: 


Sent 5221 bytes. 
Transfer complete 
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copy flash 


Use the copy flash command to copy files located in flash memory to a specified destination. 


Variations of this command (valid only on AOS units WITH CompactFlash® capability) include: 


copy flash <sourcefile> boot 

copy flash <sourcefile> cflash 

copy flash <sourcefile> cflash <new file> 
copy flash <sourcefile> flash <new file> 

copy flash <sourcefile> http <url> port <port> 
copy flash <sourcefile> https <url> port <port> 
copy flash <sourcefile> interface <interface> 
copy flash <sourcefile> startup-config 


Variations of this command (valid only on AOS units WITH CompactFlash AND voice capability) 
include: 


copy flash <sourcefile> dynvoice-config 
Variations of this command (valid on all AOS units) include: 


copy flash tftp 
copy flash xmodem 


Syntax Description 





<sourcefile> Specifies the name of the file (located on in flash memory) to copy. 

boot Copies the specified source file and overwrites the boot ROM. 

cflash <new file> Copies the specified file and saves it to the CompactFlash card using the 
specified file name. 

dynvoice-config Replaces the dynamic voice configuration file with the specified file copied 
from flash memory. 

http <url> Copies the specified source file and transfers it to a Hypertext Transfer 
Protocol (HTTP) server using the specified HTTP server URL. Use HTTP 
PUT operation. 

https <url> Copies the specified source file and transfers it to a secure socket 


Hypertext Transfer Protocol Secure (HTTPS) server using the specified 
HTTPS server URL. Use HTTPS PUT operation. 

flash <new file> Copies the specified file and saves it to flash memory using the specified 
file name. 
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interface <interface> Updates the specified interface using a copy of the specified file. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
copy flash <sourcefile> interface ? to display a list of valid interfaces. 


port <port> Optional. Specifies the port used to transfer the specified file to an HTTP or 
HTTPS server. Range is 0 to 65,335. 

startup-config Replaces the startup configuration file with a copy of the specified file. 

tftp Copies any file located in flash memory to a specified TFTP server. 


After entering copy flash tftp, AOS prompts for the following information: 
Address of remote host: Specifies the IP address of the TFTP server. 


Source filename: Specifies the name of the file (located in flash 
memory) to copy to the TFTP server. 
Destination filename: Specifies the file name to use when storing the 


copied file on the TFTP server. (The file will be 
placed in the default directory established by the 
TFTP server.) 
xmodem Copies any file located in flash memory (using the XMODEM protocol) to 
the terminal connected to the console port. XMODEM capability is provided 
in VT100 terminal emulation software, such as HyperTerminal™. 
After entering copy flash xmodem, AOS prompts for the following 
information: 


Source filename: Specifies the name of the file (located in flash 
memory) to copy using XMODEM. 


Default Values 





No default value necessary for this command. 


Command History 


Release 1.1 Command was introduced. 
Release 16.1 Command was expanded to include HTTP and HTTPS. 
Release 17.2 Command was expanded to include cellular interface. 


Usage Examples 





The following example creates a copy of the file myfile.biz (located in flash memory), names the new file 
newfile.biz, and places the new file in flash memory: 


>enable 
#copy flash myfile.biz flash newfile.biz 


The following example copies the file myfile.biz (located in flash memory) to CompactFlash memory 
(naming the new file newfile.biz): 
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>enable 
#copy flash myfile.biz flash newfile.biz 


The following example copies the file new_startup_config (located in flash memory) to the startup 
configuration: 


>enable 
#copy flash new_startup_config startup-config 


The following example copies the software file myfile.biz located in flash memory to a TFTP server: 


>enable 

#copy flash tftp 

Address of remote host? 10.200.2.4 
Source filename? myfile.biz 
Destination filename? myfile.biz 
Initiating TFTP transfer... 

Sent 769060 bytes. 

Transfer Complete! 


The following example copies the software file myfile.biz (located in flash memory) to the connected 
terminal using XMODEM protocol: 


>enable 

#copy flash xmodem 

Source filename? myfile.biz 
Begin the Xmodem transfer now... 
Press CTRL+X twice to cancel 
CCCCCC 


AOS is now ready to transmit the file on the CONSOLE port (using the XMODEM protocol). The next step 
in the process may differ depending on the type of terminal emulation software you are using. For 
HyperTerminal, you will now select Transfer > Receive File and select the destination. Once the transfer 
is complete, information similar to the following is displayed: 


Sent 231424 bytes. 
Transfer complete 
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copy http 


Use the copy http command to copy a file located on a network HyperText Transfer Protocol (HTTP) 
server to a specified destination. 


Variations of this command (valid only on AOS units WITH CompactFlash® capability) include: 


copy http <url> cflash <destinationfile> 

copy http <url> cflash <destinationfile> force-overwrite 

copy http <url> cflash <destinationfile> force-overwrite port <port> 
copy http <url> cflash <destinationfile> port <port> 

copy http <ur/> cflash running-config 

copy http <ur/> cflash running-config port <port> 


Variations of this command (valid only on AOS units WITH CompactFlash AND voice capability) 
include: 


copy http <url> dynvoice-config 


Variations of this command (valid on all AOS units) include: 


copy http <url> flash <destinationfile> 

copy http <url> flash <destinationfile> force-overwrite 

copy http <url> flash <destinationfile> force-overwrite port <port> 
copy http <url> flash <destinationfile> port <port> 

copy http <ur/> running-config 

copy http <ur/> running-config port <port> 

copy http <ur/> startup-config 

copy http <ur/> startup-config port <port> 


Syntax Description 


cflash Copies a file from the HTTP server to the CompactFlash card. 

<destinationfile> Specifies where the HTTP URL will be copied. 

dynvoice-config Specifies that the file copied from the HTTP server overwrite the dynamic 
voice configuration file. 

flash Copies a file from the HTTP server to the flash memory. 

force-overwrite Optional. Specifies a force override to copy the file. 

port <port> Optional. Specifies the port used to transfer the specified file from an HTTP 
server. Range is 0 to 65,335. 

running-config Replaces the active running configuration with the file copied from the 
HTTP server. 

startup-config Replaces the startup configuration with the file copied from the HTTP 
server. 

http <url> Specifies the URL of the HTTP server. 
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Default Values 





By default, the port value is 80. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example replaces the current running configuration file with newconfig.txt from the HTTP 
server (10.200.2.4): 


#copy http http://10.200.2.4/newconfigfile.txt running-config 
Initiating HTTP transfer... 

Received 4562 bytes. 

Transfer Complete! 

# 


The following example copies the file myfile.biz from the HTTP server (10.200.2.4) and saves it 
CompactFlash memory (naming the copy newfile.biz): 


#copy http hitp://10.200.2.4/SomeDirectory/AnotherDirectory/newfile.biz cflash newfile.biz 
Address of remote host? 10.200.2.4 

Source filename? myfile.biz 

Destination filename? newfile.biz 

Initiating HTTP transfer... 

Received 45647 bytes. 

Transfer Complete! 

# 
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copy https 


Use the copy https command to copy a file located on a secure socket HyperText Transfer Protocol Secure 
(HTTPS) server to a specified destination using the HTTPS PUT operation. 


Variations of this command (valid only on AOS units WITH CompactFlash® capability) include: 


copy https <url> cflash <destinationfile> 

copy https <url> cflash <destinationfile> force-overwrite 

copy https <url> cflash <destinationfile> force-overwrite port <port> 
copy https <url> cflash <destinationfile> port <port> 

copy https <ur/> cflash running-config 

copy https <url> cflash running-config port <port> 


Variations of this command (valid only on AOS units WITH CompactFlash AND voice capability) 
include: 


copy https <ur/> dynvoice-config 


Variations of this command (valid on all AOS units) include: 


copy https <url> flash <destinationfile> 

copy https <ur/> flash <destinationfile> force-overwrite 

copy https <url> flash <destinationfile> force-overwrite port <port> 
copy https <ur/> flash <destinationfile> port <port> 

copy https <ur/> running-config 

copy https <ur/> cflash running-config port <port> 

copy https <ur/> flash running-config 

copy https <ur/> flash running-config port <port> 

copy https <ur/> startup-config 

copy https <ur/> cflash startup-config port <port> 


Syntax Description 





cflash Copies a file from the HTTPS server to the CompactFlash card. 

<destinationfile> Specifies where the HTTPS URL will be copied. 

dynvoice-config Specifies that the file copied from the HTTPS server overwrite the dynamic 
voice configuration file. 

flash Copies a file from the HTTPS server to the flash memory. 

force-overwrite Optional. Specifies a force override to copy the file. 

port <port> Optional. Specifies the port used to transfer the specified file from an 
HTTPS server. Range is 0 to 65,335. 

running-config Replaces the active running configuration with the file copied from the 
HTTPS server. 

startup-config Replaces the startup configuration with the file copied from the HTTPS 
server. 
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https <url> Specifies the URL of the HTTPS server. 


Default Values 





By default, the port value is 443. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example replaces the current running configuration file with newconfig.txt from the HTTPS 
server (MyWebServer): 


#copy https https://MyWebServer.com/newconfig.txt running-config 
Initiating HTTPS transfer... 

Received 4562 bytes. 

Transfer Complete! 

# 


The following example copies the file myfile.biz from the HTTPS server (10.200.2.4) and saves it 
CompactFlash memory (naming the copy newfile.biz): 


#copy https https://10.200.2.4/newfile.biz cflash newrfile.biz 
Address of remote host? 10.200.2.4 

Source filename? myfile.biz 

Destination filename? newfile.biz 

Initiating HTTPS transfer... 

Received 45647 bytes. 

Transfer Complete! 

# 
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copy running-config 


Use the copy running-config command to create a copy of the current running configuration and replace 


the current startup configuration or save it to a specified memory location (CompactFlash® or system 
flash). 


Variations of this command (valid only on AOS units WITH CompactFlash capability) include: 


copy running-config cflash <filename> 
copy running-config cflash startup-config 
copy running-config flash <filename> 
copy running-config flash startup-config 


Variations of this command (valid only on AOS units WITH CompactFlash AND voice capability) 
include: 


copy running-config dynvoice-config 

copy running-config dynvoice-config tftp 

copy running-config dynvoice-config http <url> 
copy running-config non-dynvoice-config http <ur/> 


Variations of this command (valid on all AOS units) include: 


copy running-config <filename> 
copy running-config http <ur/> 
copy running-config https <ur/> 
copy running-config tftp 

copy running-config xmodem 


Syntax Description 





cflash <filename> Copies the current running configuration and saves it to the CompactFlash 
card using the specified file name. 


flash <filename> Copies the current running configuration and saves it to flash memory using 
the specified file name. 


dynvoice-config Copies the current active voice running configuration and saves it to the 
dynamic voice configuration file. 


dynvoice-config http <url> Optional. Copies the current active voice running configuration and saves it 
to the dynamic voice configuration file. Then initiates a transfer of the newly 
stored dynamic voice configuration file to the specified Hypertext Transfer 
Protocol (HTTP) server. 


dynvoice-config tftp Optional. Copies the current active voice running configuration and saves it 
to the dynamic voice configuration file. Then initiates a transfer of the newly 
stored dynamic voice configuration file to the specified Trivial File Transfer 
Protocol (TFTP) server. 


After entering copy running-config dynvoice-config tftp, AOS prompts 
for the following information: 
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Address of remote host: Specifies the IP address of the TFTP server. 


Destination filename: Specifies the file name to use when storing the 
copied file on the TFTP server. (The file will be 
placed in the default directory established by the 


TFTP server.) 
http <url> Copies the current running configuration file and transfers it to an HTTP 
server using the specified HTTP server URL. Use the HTTP PUT operation. 
https <url> Copies the current running configuration file and transfers it to a secure 


socket Hypertext Transfer Protocol Secure (HTTPS) server using the 
specified HTTPS server URL. Use the HTTPS PUT operation. 


non-dynvoice-config Optional. Copies the current nondynamic portion of the voice running 
configuration and saves it to the nondynamic voice configuration file. Then 
initiates a transfer of the newly stored nondynamic voice configuration file to 
the specified HTTP server. 


startup-config Replaces the startup configuration (located in either CompactFlash or 
system flash) with a copy of the current running configuration. 

tftp Copies the current running configuration to a specified TFTP server. 
After entering copy running-config tftp, AOS prompts for the following 
information: 


Address of remote host: Specifies the IP address of the TFTP server. 


Destination filename: Specifies the file name to use when storing the 
copied file on the TFTP server. (The file will be 
placed in the default directory established by the 
TFTP server.) 


xmodem Copies the current running configuration (using the XMODEM protocol) to 
the terminal connected to the console port. XMODEM capability is provided 
in VT100 terminal emulation software, such as HyperTerminal™. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 16.1 Command was expanded to include HTTP and HTTPS. 


Usage Examples 





The following example copies the current running configuration to the startup configuration located in flash 
memory: 


>enable 

#copy running-config startup-config 
Building configuration... 

Done. Success! 
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The following example copies the current running configuration to CompactFlash memory and names the 
file config_01.txt: 


>enable 

#copy running-config cflash config_01.txt 
Percent Compete 100% 

# 


The following example copies the current running configuration to a TFTP server and names the file 
config_01.txt: 


>enable 

#copy running-config tftp 

Address of remote host? 10.200.2.4 
Destination filename? config_01.txt 
Initiating TFTP transfer... 

Sent 3099 bytes. 

Transfer Complete! 
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copy startup-config 


Use the copy startup-config command to create a copy of the current startup configuration file and replace 


the current running configuration or save it to a specified memory location (CompactFlash® or system 
flash). 


Variations of this command (valid only on AOS units with CompactFlash capability) include: 


copy startup-config cflash <filename> 
copy startup-config flash <filename> 


Variations of this command (valid on all AOS units) include: 


copy startup-config <filename> 
copy startup-config http <ur/> 
copy startup-config https <ur/> 
copy startup-config running-config 
copy startup-config tftp 

copy startup-config xmodem 


Syntax Description 





cflash <filename> Copies the startup configuration and saves it to the CompactFlash card 
using the specified file name. 

flash <filename> Copies the startup configuration and saves it to flash memory using the 
specified file name. 

http <url> Copies the startup configuration file and transfers it to a Hypertext Transfer 
Protocol (HTTP) server using the specified HTTP server URL. Use HTTP 
PUT operation. 

https <url> Copies the startup configuration file and transfers it to a secure socket 


Hypertext Transfer Protocol Secure (HTTPS) server using the specified 
HTTPS server URL. Use HTTPS PUT operation. 
running-config Merges the current running configuration with the startup configuration. 
tftp Copies the current startup configuration to a specified Trivial File Transfer 
Protocol (TFTP) server. 
After entering copy startup-config tftp, AOS prompts for the following 
information: 
Address of remote host: Specifies the IP address of the TFTP server. 
Destination filename: Specifies the file name to use when storing the 
copied file on the TFTP server. (The file will be 
placed in the default directory established by the 
TFTP server.) 
xmodem Copies the current startup configuration (using the XMODEM protocol) to 
the terminal connected to the console port. XMODEM capability is provided 
in VT100 terminal emulation software, such as HyperTerminal™. 
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Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 16.1 Command was expanded to include HTTP and HTTPS. 


Usage Examples 





The following example copies the startup configuration file to the current running configuration: 


>enable 
#copy startup-config running-config 
Opening and applying file... 





Any changes made to the current running configuration of the AOS unit that have not been 
‘one saved to the startup configuration file (using the write command) will be lost when the 
copy startup-config running-config command is entered. 





The following example copies the startup configuration (located in flash memory) to CompactFlash and 
names the file config_01.txt: 


>enable 

#copy startup-config cflash config_01.txt 
Percent Complete 100% 

# 


The following example copies the current startup configuration to a TFTP server and names the file 
startup _01.txt: 


>enable 

#copy startup-config tftp 

Address of remote host? 10.200.2.4 
Destination filename? startup_01.txt 
Initiating TFTP transfer... 

Sent 3099 bytes. 

Transfer Complete! 


The following example copies the current startup configuration to the connected terminal using XMODEM 
protocol: 


>enable 

#copy startup-config xmodem 
Begin the Xmodem transfer now... 
Press CTRL+X twice to cancel 
CCCCCC 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 153 


Command Reference Guide Enable Mode Command Set 





AOS is now ready to transmit the file on the CONSOLE port (using the XMODEM protocol). The next step 
in the process may differ depending on the type of terminal emulation software you are using. For 
HyperTerminal, you will now select Transfer > Receive File and select the destination. Once the transfer 
is complete, information similar to the following is displayed: 


Sent 3704 bytes. 
Transfer complete 


The following example copies the current running configuration to the connected terminal using XMODEM 
protocol: 


>enable 

#copy running-config xmodem 
Begin the Xmodem transfer now... 
Press CTRL+X twice to cancel 
CCCCCC 


AOS is now ready to transmit the file on the CONSOLE port (using the XMODEM protocol). The next step 
in the process may differ depending on the type of terminal emulation software you are using. For 
HyperTerminal, you will now select Transfer > Receive File and select the destination. Once the transfer 
is complete, information similar to the following is displayed: 


Sent 3704 bytes. 
Transfer complete 
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copy tftp 


Use the copy tftp command to copy a file located on a network Trivial File Transfer Protocol (TFTP) 
server to a specified destination. 


Variations of this command (valid only on AOS units WITH CompactFlash® capability) include: 
copy tftp cflash 


Variations of this command (valid only on AOS units WITH CompactFlash AND voice capability) 
include: 


copy tftp dynvoice-config 
Variations of this command (valid on all AOS units) include: 


copy tftp flash 
copy tftp running-config 
copy tftp startup-config 


Syntax Description 





cflash Copies a file from the TFTP server to the CompactFlash card. 

dynvoice-config Specifies that the file copied from the TFTP server overwrite the dynamic 
voice configuration file. 

flash Copies a file from the TFTP server to the flash memory. 

running-config Replaces the active running configuration with the file copied from the TFTP 
server. 

startup-config Replaces the startup configuration with the file copied from the TFTP 
server. 


After entering copy tftp and specifying a destination, AOS prompts for the 
following information: 


Address of remote host: Specifies the IP address of the TFTP server. 


Source filename: Specifies the name of the file to copy from the 
TFTP server. 
Destination filename: Specifies the file name to use when storing the 


copied file to flash memory. (Valid only for the 
copy tftp cflash and copy tftp flash 








commands.) 
Default Values 
No default value necessary for this command. 
Command History 
Release 1.1 Command was introduced. 
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Usage Examples 





The following example replaces the current running-configuration file with newconfig.txt from the TFTP 
server (10.200.2.4): 


#copy tftp running-config 
Address of remote host? 10.200.2.4 
Source filename? newconfig.txt 
Initiating TFTP transfer... 

Received 4562 bytes. 

Transfer Complete! 

# 


The following example copies the file myfile.biz from the TFTP server (10.200.2.4) and saves it 
CompactFlash memory (naming the copy newfile.biz): 


#copy tftp cflash 

Address of remote host? 10.200.2.4 
Source filename? myfile.biz 
Destination filename? newfile.biz 
Initiating TFTP transfer... 

Received 45647 bytes. 

Transfer Complete! 

# 
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copy xmodem 


Use the copy xmodem command to copy a file (using the XMODEM protocol) to a specified destination. 
XMODEM capability is provided in VT100 terminal emulation software, such as HyperTerminal™. 


Variations of this command (valid only on AOS units WITH CompactFlash® capability) include: 


copy xmodem cflash 


Variations of this command (valid only on AOS units WITH CompactFlash AND voice capability) 
include: 


copy xmodem dynvoice-config 
Variations of this command (valid on all AOS units) include: 


copy xmodem flash 
copy xmodem running-config 
copy xmodem startup-config 


Syntax Description 





cflash Copies a file from the terminal connected to the console port and saves it to 
the CompactFlash card. 


dynvoice-config Specifies that the file copied from the terminal connected to the console port 
overwrite the dynamic voice configuration file. 
flash Copies a file from the terminal connected to the console port and saves it to 
flash memory. 
running-config Replaces the active running configuration with a file copied from the 
terminal connected to the console port. 
startup-config Replaces the startup configuration with a file copied from the terminal 
connected to the console port. 
After entering copy xmodem and specifying a destination, AOS prompts 
for the following information: 
Destination filename: Specifies the file name to use when storing the 
copied file to flash memory. (Valid only for the 
copy cflash and copy flash commands.) 


Default Values 





No default value necessary for this command. 


Command History 


Release 1.1 Command was introduced. 
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Usage Examples 





The following example copies a software file (myfile.biz) to flash memory and labels it newfile.biz: 


#copy xmodem flash 
Destination filename? newfile.biz 
Begin the Xmodem transfer now... 
Press CTRL+X twice to cancel 
CCCCCC 


AOS is now ready to accept the file on the CONSOLE port (using the XMODEM protocol). The next step in 
the process may differ depending on the type of terminal emulation software you are using. For 
HyperTerminal, you will now select Transfer > Send File and browse to the file you wish to copy 
myfile.biz. Once the transfer is complete, information similar to the following is displayed: 


Received 531424 bytes. 
Transfer complete 
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debug aaa 


Use the debug aaa command to activate debug messages associated with authentication from the 
authentication, authorization, and accounting (AAA) subsystem. Debug messages are displayed (real time) 
on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages. 





oe Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The debug aaa events include connection notices, login attempts, and session tracking. 


Usage Examples 





The following is sample output for this command: 


>enable 

#debug aaa 

AAA: New Session on portal "TELNET 0 (172.22.12.60:4867)'. 
AAA: No list mapped to "TELNET 0'. Using 'default’. 

AAA: Attempting authentication (username/passworda). 

AAA: RADIUS authentication failed. 

AAA: Authentication failed. 

AAA: Closing Session on portal ‘TELNET 0 (172.22.12.60:4867)'. 
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debug access-list <name> 


Use the debug access-list command to activate debug messages (for a specified list) associated with access 
control list (ACL) operation. Debug messages are displayed (real time) on the terminal (or Telnet) screen. 
Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





<name> Specifies a configured ACL. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 


The debug access-list command provides debug messages to aid in troubleshooting ACL issues. 


Usage Examples 





The following example activates debug messages for the ACL labeled MatchAll: 


>enable 
#debug access-list MatchAll 
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debug arp 


Use the debug arp command to activate debug messages associated with IP Address Resolution Protocol 
(ARP) transactions. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the 
no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 


The following example activates debug messages associated with ARP transactions: 


>enable 
#debug arp 
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debug atm events 


Use the debug atm events command to display events on all ATM ports and all virtual circuits. Debug 
messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to 
disable debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 


The following example activates ATM event messages: 


>enable 
#debug atm events 
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debug atm oam 


Use the debug atm oam command to display operation, administration, and maintenance (OAM) packets 
for an ATM virtual circuit descriptor (VCD). Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable debug messages. Variations of this command 
include the following: 


debug atm oam 

debug atm oam <vcd> 

debug atm oam <vcd> loopback end-to-end 

debug atm oam <vcd> loopback end-to-end <LL/D> 
debug atm oam <vcd> loopback segment 

debug atm oam <vcd> loopback segment <LL/D> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





<vcd> Optional. Shows OAM packets for a specific VCD. 

loopback Optional. Configures an OAM loopback. 

end-to-end Optional. Configures an end-to-end OAM loopback. 
segment Optional. Configures a segment loopback. 

<LLID> Optional. Specifies 16-byte OAM loopback location ID (LLID). 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 


Release 8.1 Command was introduced. 


Usage Examples 





The following example activates ATM OAM debug messages for VCD 1: 


>enable 
#debug atm oam 1 
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debug atm packet 


Use the debug atm packet command to activate debug messages associated with packets on ATM ports 
and virtual circuits. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no 
form of this command to disable the debug messages. Variations of this command include the following: 


debug atm packet 

debug atm packet interface atm <port id> 

debug atm packet interface atm <port id> vcd <number> 
debug atm packet ve <VP//VCI> 





Wo Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 


interface atm <port id> Optional. Activates packet debug messages for a specific ATM port and for 
all virtual circuits. 

ve <VPI/VCI> Optional. Activates packet debug messages for the specified virtual circuit 
identified by the virtual path identifier and virtual channel identifier 
(VPI/VCl). 

ved <number> Optional. Activates packet debug messages for the specified virtual circuit 


descriptors (VCDs). 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example activates debug ATM packet debug messages on ATM port 1: 


>enable 
#debug atm packet interface atm 1 
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debug auto-config 


Use the debug auto-config command to activate debug messages associated auto-config events. Debug 
messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this command to 
disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The example activates debug messages associated with auto-config events: 


>enable 
#debug auto-config 
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debug bridge 


Use the debug bridge command to display messages associated with bridge events. Debug messages are 
displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable debug 
messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 


The following example activates bridge debug messages: 


>enable 
#debug bridge 
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debug interface cellular 


Use the debug interface cellular command to activate debug messages associated with the cellular 
interface. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of 
this command to disable the debug messages. Variations of this command include: 


debug interface cellular 

debug interface cellular <s/ot/port> 

debug interface cellular <s/ot/port> data 

debug interface cellular <s/ot/port> data-hdlc 
debug interface cellular <s/ot/port> diag-hdlic 
debug interface cellular <s/ot/port> diagnostic 
debug interface cellular <s/ot/port> diagnostic rx 
debug interface cellular <s/ot/port> diagnostic tx 
debug interface cellular <s/ot/oort> download 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





<slot/port> Activates debug messages for the specified cellular interface. 

data Activates debug messages for the handshaking signals on the data 
channel. 

data-hdlic Activates debug messages for high level data link control (HDLC) errors on 
the data channel. 

diag-hdlc Activates debug messages for HDLC errors on the diagnostic channel. 

diagnostic Activates debug messages for all packets. 

diagnostic rx Activates debug messages for packets moving from the cellular interface to 
the network. 

diagnostic tx Activates debug messages for packets moving from the network to the 


cellular interface. 
download Activates debug messages for application downloads. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 17.2 Command was introduced. 
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Usage Examples 





The following example activates error and event debug messages associated with the cellular interface: 


>enable 
#debug interface cellular 
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debug chat-interfaces <chat interface> 


Use the debug chat-interfaces command to activate debug messages associated with chat AT 
command-driven interfaces. Debug messages are displayed (real time) on the terminal (or Telnet) screen. 
Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





<chat interface> Activates debug messages for the specified chat interface identified by the 
slot/port. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example activates debug messages for the chat interface 0/1: 


>enable 
#debug chat-interfaces 0/1 
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debug color 


Use the debug color command to activate color coding of debug messages. Debug messages are displayed 
(real time) on the terminal (or Telnet) screen. Use the no form of this command to disable the color coding 
of debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





Color coding is based on the debug source and color choices are not configurable. 


Usage Examples 





The following example enables color coding of debug messages: 


>enable 
#debug color 
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debug crypto 


Use the debug crypto command to activate debug messages associated with IKE and IPSec functions. 
Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this 
command to disable the debug messages. Variations of this command include: 


debug crypto ike 

debug crypto ike client authentication 
debug crypto ike client configuration 
debug crypto ike negotiation 

debug crypto ipsec 

debug crypto pki 





Wo Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





ike Activates all IKE debug messages. 

ike client authentication Optional. Displays IKE client authentication messages as they occur. 

ike client configuration Optional. Displays mode-config exchanges as they take place over the IKE 
SA. It is enabled independently from the debug ike negotiation 
messaging. 

ike negotiation Optional. Activates only IKE key management debug messages (e.g., 
handshaking). 

ipsec Activates all IPSec debug messages. 

pki Activates all public key infrastructure (PKI) debug messages. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 4.1 Command was introduced. 
Release 6.1 Debug pki command introduced. 


Usage Examples 





The following example activates the IPSec debug messages: 


>enable 
#debug crypto ipsec 
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debug data-call 


Use the debug data-call command to activate debug messages associated with data call errors and events. 
Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this 
command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example activates debug messages associated with data call errors and events: 


>enable 
#debug data-call 
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debug demand-routing 


Use the debug demand-routing command to activate debug messages associated with demand routing 
errors and events. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no 
form of this command to disable debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example activates demand routing error and event messages: 


>enable 
#debug demand-routing 
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debug dial-backup 


Use the debug dial-backup command to activate debug messages associated with dial-backup operation. 
Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this 
command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 1.1 Command was introduced. 


Release 2.1 Additional debug messages were implemented for dial-backup operation to 
ADTRAN’s IQ and Express Series products. 


Functional Notes 





The debug dial-backup command activates debug messages to aid in the troubleshooting of dial-backup 
links. 


Usage Examples 





The following example activates debug messages for dial-backup operation: 


>enable 
#debug dial-backup 
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debug dialup-interfaces 


Use the debug dialup-interfaces command to generate debug messages used to aid in troubleshooting 
problems with all dialup interfaces, such as the modem or the BRI cards. Debug messages are displayed 
(real time) on the terminal (or Telnet) screen. Use the no form of this command to disable the debug 
messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





When enabled, these messages provide status information on incoming calls, dialing and answering 
progress, etc. These messages also give information on why certain calls are dropped or rejected. It is 
beneficial to use this command when troubleshooting dial backup (in addition to the debug dial-backup 
command). 


Usage Examples 





The following example activates the debug messages for dialup interfaces: 


>enable 
#debug dialup-interfaces 
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debug dot11 all 


Use the debug dot11 all command to enable all dot11 debugging for the wireless access controller (AC). 
Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this 
command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example activates all dot11 debug messages on the AC: 


>enable 
#debug dot11 all 
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debug dot11 client 


Use the debug dot11 client command to enable all dot11 client debugging for the wireless access 
controller (AC). Debugging can also be limited to clients on a specific access point (AP) interface. Debug 
messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this command to 
disable the debug messages. Variations of this command include: 


debug dot11 client 
debug dot11 client interface dot11ap <ap interface> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





<ap interface> Optional. Activates debug messages for the specified AP interface. Range 
is 1 to 8. 


Default Values 
By default, all debug messages in AOS are disabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 


The following example activates debug messages for clients on AP interface 1: 


>enable 

#debug dot11 client interface dot11ap 1 

2006.12.23 19:47:04 Dot11 Client: AP(1) Radio(1) VAP(1)Rx associate command from AP for 
00:40:96:AB:3B:5E. 

2006.12.23 19:48:40 Dot11 Client: AP(1) Radio(1) VAP(1)Rx disassociate command from AP for 
00:40:96:AB:3B:5E. 





These debug messages were captured as a wireless client associated and then 
disassociated with the AP. 
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debug dot11 packet-events 


Use the debug dot11 packet-events command to enable debugging for all 802.11 control protocol packet 
events. Debugging can also be limited to a specified interface. Debug messages are displayed (real time) 
on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages. 
Variations of this command include: 


debug dot11 packet-events 
debug dot11 packet-events interface <interface> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





interface <interface> Optional. Activates debug messages for the specified interface. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
debug dot11 packet-events interface ? for a complete list of valid 
interfaces. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 


The following example activates packet-events debug messages on AP interface 1: 


>enable 

#debug dot11 packet-events interface doti1ap 1 

#2006.12.23 18:54:25 Dot11 Packet Events: Rx Echo Req from MAC(00:A0:C8:1D:F8:57) AP(1) 
2006.12.23 18:54:25 Dot11 Packet Events: Tx Echo Resp to MAC(00:A0:C8:1 D:F8:57) AP(1) 
2006.12.23 18:54:29 Dot11 Packet Events: Tx Query Req to MAC(00:A0:C8:1D:F8:57) AP(1) 
2006.12.23 18:54:29 Dot11 Packet Events: Rx Query Resp from MAC(00:A0:C8:1D:F8:57) AP(1) 
2006.12.23 18:54:36 Dot11 Packet Events: Rx Disc Resp from MAC(00:A0:C8:1D:F8:57) AP(1) 
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debug dot11 session 


Use the debug dot11 session command to debug all dot11 sessions for the wireless access controller (AC). 
Debugging may also be limited to a specified interface. Debug messages are displayed (real time) on the 
terminal (or Telnet) screen. Use the no form of this command to disable the debug messages. Variations of 
this command include: 


debug dot11 session 
debug dot11 session interface <interface> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





interface <interface> Optional. Activates debug messages for the specified interface. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
debug dot11 session interface ? for a complete list of valid interfaces. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example activates all dot11 session debug messages: 


>enable 

#debug dot11 session 

2006.12.23 19:56:22 DOT11.Session : AP 1: AP reboot. 

2006.12.23 19:56:22 DOT11.Session : AP 1: Control session lost. 
2006.12.23 19:56:22 DOT11.Session : AP 1: Control session established. 
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debug dynamic-dns 


Use the debug dynamic-dns command to activate debug messages associated with dynamic domain 
naming system (DNS). Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use 
the no form of this command to disable the debug messages. Variations of this command include: 


debug dynamic-dns 
debug dynamic-dns verbose 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





verbose Optional. Activates detailed debug messages. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example activates dynamic DNS debug messages: 


>enable 
#debug dynamic-dns verbose 
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debug firewall 


Use the debug firewall command to activate debug messages associated with the AOS firewall operation. 
Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this 
command to disable the debug messages. Variations of this command include: 


debug firewall 
debug firewall vrf <name> 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





vrf <name> Optional. Displays debug information for the specified VPN routing and 
forwarding (VRF). 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 


Release 2.1 Command was introduced. 
Release 17.1 Command was expanded to include the VRF parameter. 


Functional Notes 





The debug firewall command activates debug messages to provide real-time information about the AOS 
stateful inspection firewall operation. 


VRF on AOS products allows a single physical router to be partitioned into multiple virtual routers. Each 
router instance has its own route table and interface assignments. Beginning with Release 16.1, all AOS 
routers supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless 
of whether multi-VRF is configured. Therefore, executing the abovementioned commands without 
specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example activates the debug messages for the AOS stateful inspection firewall: 


>enable 
#debug firewall 
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The following example activates the debug messages for the VRF instance gray and provides sample 
output: 


>enable 
#debug firewall vrf gray 


2000.05.11 19:29:04 FIREWALL_VRF.Gray = SrcPort: 41801, DstPort: 80 

2000.05.11 19:29:04 FIREWALL_VRF.Gray Selector2: Dir=Public, int=-vlan 309, Protocol=6, VRF Black 
cookie-> vlan 306 

2000.05.11 19:29:04 FIREWALL_VRF.Gray = Srclp: 192.168.10.140, Dstlp: 192.168.9.6 

2000.05.11 19:29:04 FIREWALL_VRF.Gray  SrcPort: 80, DstPort: 41801 

2000.05.11 19:29:04 FIREWALL_VRF.Gray Deleting Association 

2000.05.11 19:29:04 FIREWALL_VRF.Gray Assoc Index = 6242787, Count (total, policy-class) = 127, 
126 

2000.05.11 19:29:04 FIREWALL_VRF.Gray nat source -> 192.168.9.6, flags = 0x2000003F, 0x00000004, 
timeout = 6 
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debug firewall alg sip 


Use the debug firewall alg sip command to activate debug messages associated with Session Initiation 
Protocol (SIP) information with AOS firewall operation. Debug messages are displayed (real time) on the 
terminal (or Telnet) screen. Use the no form of this command to disable the debug messages. Variations of 
this command include: 


debug firewall alg sip 
debug firewall alg sip packets 
debug firewall alg sip verbose 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





packets Optional. Activates firewall ALG SIP packet debug messages. 
verbose Optional. Activates detailed debug messages. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 9.3 Command was introduced. 
Release A1 Command expanded to include the packets parameter. 


Usage Examples 





The following example activates debug messages associated with SIP information with AOS firewall 
operation: 


>enable 
#debug firewall alg sip 
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debug frame-relay 


Use the debug frame-relay command to activate debug messages associated with the Frame Relay 
operation. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of 
this command to disable the debug messages. Variations of this command include: 


debug frame-relay events 
debug frame-relay IIc2 
debug frame-relay Imi 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





events Activates debug messages for generic Frame Relay events (such as Frame 
Relay interface state). 

llc2 Activates debug messages for the logical link control layer. 

Imi Activates debug messages for the local management interface (such as 


DLCI status signaling state, etc.). 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The debug frame-relay command activates debug messages to aid in the troubleshooting of Frame Relay 
links. 


Usage Examples 





The following example activates all possible debug messages associated with Frame Relay operation: 


>enable 

#debug frame-relay events 
#debug frame-relay lIlc2 
#debug frame-relay Imi 
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debug frame-relay multilink 


Use the debug frame-relay multilink command to activate debug messages associated with Frame Relay 
multilink operation. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the 
no form of this command to disable the debug messages. Variations of this command include: 


debug frame-relay multilink 
debug frame-relay multilink <interface> 
debug frame-relay multilink states 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





<interface> Optional. Activates debug messages for the specified interface. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
debug frame-relay multilink ? for a complete list of applicable interfaces. 


states Optional. Activates the debug messages for Link Integrity Protocol (LIP). 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 


Release 9.1 Command was introduced. 


Usage Examples 





The following example activates debug messages associated with multilink operation for all Frame Relay 
interfaces: 


>enable 
#debug frame-relay multilink 
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debug gvrp bpdus 


Use the debug gvrp bpdus command to display debug messages showing all GARP VLAN Registration 
Protocol (GVRP) configuration messages sent and received on the switch. Debug messages are displayed 
(real time) on the terminal (or Telnet) screen. Use the no form of this command to disable the debug 
messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





With GVRP enabled on many ports, this command can produce a lot of output. To display these messages 
for individual interfaces, refer to the command debug gvrp interface <interface> on page 187. 


Usage Examples 


The following example displays debug messages showing GVRP configuration messages sent and 
received on Ethernet interface 0/24: 


>enable 

#debug gvrp bpdus 

2000.07.31 23:15:51 GVRP BPDUS.eth 0/24: TX = (Len:2 LeaveAll) (Len:4 JoinIn Vian:1) (End) ... SENT 
2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: RX = (Len:4 Empty Vlan:2) (Len:4 Joinin Vlan:20) (end) 
2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: TX = (Len:4 JoinIn Vlan:1) (End) ... SENT 

2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: RX = (Len:4 JoinIn Vlan:20) (end) 

2000.07.31 23:16:00 GVRP BPDUS.eth 0/24: RX = (Len:2 LeaveAll) (end) 

# 
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debug gvrp interface <interface> 


Use the debug gvrp interface command to display GARP VLAN Registration Protocol (GVRP) debug 
messages related to a particular interface. Debug messages are displayed (real time) on the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. Variations of this 
command include: 


debug gvrp interface <interface> bpdus 
debug gvrp interface <interface> vians 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





<interface> Activates debug messages for the specified interface. Specify an interface 
in the format <interface type [slot/port | slot/port.subinterface id | interface id 
| interface id.subinterface id | ap | ap/radio | ap/radio. vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type debug gvrp 
interface ? for a complete list of applicable interfaces. 


bpdus Displays debug messages showing all GVRP configuration messages sent 
and received on the interface. 


vians Displays debug messages showing all GVRP-related VLAN changes 
occurring on the interface. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example displays debug messages showing GVRP configuration messages sent and 
received on Ethernet interface 0/24: 


>enable 

#debug gvrp interface ethernet 0/24 bpdus 

2000.07.31 23:15:51 GVRP BPDUS.eth 0/24: TX = (Len:2 LeaveAll) (Len:4 JoinIn Vlan:1) (End) ... SENT 
2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: RX = (Len:4 Empty Vlan:2) (Len:4 JoinIn Vlan:20) (end) 
2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: TX = (Len:4 JoinIn Vian:1) (End) ... SENT 

2000.07.31 23:15:52 GVRP BPDUS.eth 0/24: RX = (Len:4 JoinIn Vlan:20) (end) 

2000.07.31 23:16:00 GVRP BPDUS.eth 0/24: RX = (Len:2 LeaveAll) (end) 
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debug gvrp vians 


Use the debug gvrp vlans command to display debug messages showing all GARP VLAN Registration 
Protocol (GVRP) VLAN changes. Debug messages are displayed (real time) on the terminal (or Telnet) 
screen. Use the no form of this command to disable the debug messages. Variations of this command 
include: 


debug gvrp vians 
debug gvrp vians <vian id> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





<vian id> Optional. Activates debug messages for GVRP-related VLAN changes for 
the specified VLAN. Range is 1 to 4094. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 


With GVRP enabled on many ports, this command can produce a lot of output. To display these messages 
for an individual interface, refer to the command debug gvrp interface <interface> on page 187. 


Usage Examples 





The following example displays debug messages showing GVRP-related VLAN changes for VLAN 1: 


>enable 

#debug gvrp vians 1 

# 

2000.07.31 22:05:42 GVRP VLANS: Creating dynamic VLAN 20 

2000.07.31 22:05:42 GVRP VLANS.eth 0/24: Dynamically adding port to VLAN 20 

# 

2000.07.31 22:05:56 INTERFACE_STATUS.eth 0/24 changed state to down 

2000.07.31 22:06:08 GVRP VLANS.eth 0/24: Dynamically removing port from VLAN 20 
2000.07.31 22:06:08 GVRP VLANS: Last port removed from VLAN 20, destroying VLAN 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 188 


Command Reference Guide Enable Mode Command Set 





debug interface <interface> 


Use the debug interface command to activate debug messages associated with the specified interface. 
Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this 
command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





<interface> Activates debug messages for the specified interface. Specify an interface 
in the format <interface type [slot/port | slot/port.subinterface id | interface id 
| interface id.subinterface id | ap | ap/radio | ap/radio. vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type debug 
interface ? for a complete list of applicable interfaces. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 3.1 Command was introduced. 

Release 6.1 Command was expanded to include T1 and FXS interfaces. 
Release 7.1 Command was expanded to include FXO interface. 
Release 9.1 Command was expanded to include tunnel interface. 


Functional Notes 


The debug interface command activates debug messages to aid in the troubleshooting of physical 
interfaces. 


Usage Examples 





The following example activates all possible debug messages associated with the Ethernet port: 


>enable 
#debug interface ethernet 
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debug interface adsl events 


Use the debug interface adsl events command to activate debug messages associated with ADSL events. 
Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this 
command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 


The following example activates debug messages for ADSL events: 


>enable 
#debug interface adsl events 
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debug ip bgp 


Use the debug ip bgp command to activate debug messages associated with IP Border Gateway Protocol 
(BGP). Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of 
this command to disable the debug messages. Variations of this command include: 


debug ip bgp 

debug ip bgp events 

debug ip bgp in 

debug ip bgp out 

debug ip bgp keepalives 
debug ip bgp updates 
debug ip bgp updates quiet 





your unit. 


or Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 





events Optional. Displays significant BGP events such as a neighbor state change. 

in/out Optional. Displays the same information as debug ip bgp, but limits 
messages to the specified direction (in or out). 

keepalives Optional. Displays BGP keepalive packets. 

updates Optional. Displays detailed information on BGP updates for all neighbors. 

updates quiet Optional. Displays summary information about BGP neighbor updates. 
(Note: updates quiet displays a one-line summary of what update displays 
in 104 lines.) 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





If no arguments are given, the debug ip bgp command displays general BGP events, such as 
sent/received message summaries, route processing actions, and results. Keepalive packets are not 
debugged with this command. 
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Usage Examples 





The following example enables debug messages on general outbound BGP messages and events: 


>enable 
#debug ip bgp out 
#07:42:39: BGP OUT 10.15.240.1[2]: Transmitting msg, type=UPDATE (2), len=142 
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debug ip dhcp-client 


Use the debug ip dhep-client command to activate debug messages associated with Dynamic Host 
Configuration Protocol (DHCP) client operation in AOS. Debug messages are displayed (real time) to the 
terminal (or Telnet) screen. Use the no form of this command to disable the debug messages. Variations of 
this command include: 


debug ip dhcp-client 
debug ip dhcp-client <interface> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





<interface> Optional. Specifies an interface to which an IP address can be assigned in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
an Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for 
an ATM subinterface, use atm 1.1; and for a wireless virtual access point, 
use doti1ap 1/1.1. Type debug ip dhcp-client ? for a list of valid 
interfaces. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 2.1 Command was introduced. 
Release 16.1 Command was expanded to include interface parameters. 


Functional Notes 





The debug ip dhcp-client command activates debug messages to provide information on DHCP client 
activity in AOS. The AOS DHCP client capability allows interfaces to dynamically obtain an IP address 
from a network DHCP server. 


Usage Examples 





The following example activates debug messages associated with DHCP client activity: 


>enable 
#debug ip dhcp-client 
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The following example gives sample output from debug ip dhcp-client activation on an Ethernet interface: 


#debug ip dhcp-client 

2007.06.25 13:39:04 DHCP.CLIENT eth 0/1 
2007.06.25 13:39:04 DHCP.CLIENT eth 0/1 
2007.06.25 13:39:04 DHCP.CLIENT eth 0/1 
2007.06.25 13:39:06 DHCP.CLIENT eth 0/1 
c6d 

2007.06.25 13:39:06 DHCP.CLIENT eth 0/1 
2007.06.25 13:39:07 DHCP.CLIENT eth 0/1 
2007.06.25 13:39:07 DHCP.CLIENT eth 0/1 
c6d 

2007.06.25 13:39:07 DHCP.CLIENT eth 0/1 
6d 

2007.06.25 13:39:07 DHCP.CLIENT eth 0/1 
2007.06.25 13:39:07 DHCP.CLIENT eth 0/1 
d 

2007.06.25 13:39:07 DHCP.CLIENT eth 0/1 
2007.06.25 13:39:07 DHCP.CLIENT eth 0/1 


.16 Processing Renew 

.16 Loading timer 1 with 1 seconds 

.16 Loading timer 2 with 3 seconds 

.16 Sending Discover Message: Xid = 42d05 


.16 Loading timer 1 with 3 seconds 

.16 Timer 2 Expired 

.16 Processing Offer Message: Xid = 42d05 
.16 Sending Request Message: Xid = 42d05c 


.16 Loading timer 1 with 2 seconds 
.16 Processing Ack Message: Xid = 42d05c6 


.16 Loading timer 1 with 43200 seconds 
.16 Loading timer 2 with 64800 seconds 
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debug ip dhcp-server 


Use the debug ip dhcp-server command to activate debug messages associated with Dynamic Host 
Configuration Protocol (DHCP) server operation in AOS. Debug messages are displayed (real time) to the 
terminal (or Telnet) screen. Use the no form of this command to disable the debug messages. Variations of 
this command include: 


debug ip dhcp-server 
debug ip dhcp-server vrf <name> 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 


vrf <name> Optional. Displays debug information for the specified VRF. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 2.1 Command was introduced. 
Release 17.1 Command was expanded to include the VRF parameter. 


Functional Notes 





The debug ip dhcp-server command activates debug messages to provide information on DHCP server 
activity in AOS. The AOS DHCP server capability allows AOS to dynamically assign IP addresses to hosts 
on the network. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example activates debug messages associated with DHCP server activity only on the default 
VRF: 


>enable 
#debug ip dhcp-server 
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The following example activates debug messages associated with SHCP server activity on the VRF 
instance RED: 


>enable 

#debug ip dhcp-server vrf RED 

# 

#2007.10.15 09:21:26 DHCP.SERVER Processing Discover Message (Xid = 230e4558) on 
192.168.20.0/255.255.255.0 from 00:A0:C8:0D:E9:AD vrf=RED 

2007.10.15 09:21:27 DHCP.SERVER Offering IP Address 192.168.20.2 to 00:A0:C8:0D:E9:AD vrf=RED 

2007.10.15 09:21:27 DHCP.SERVER Server sent an Offer to the client vrfi=RED 

2007.10.15 09:21:27 DHCP.SERVER Processing Request Message (Xid = 230e4558) on 
192.168.20.0/255.255.255.0 from 00:A0:C8:0D:E9:AD vrf=RED 

2007.10.15 09:21:27 DHCP.SERVER Server sent an Ack to the client vrf=RED 
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debug ip dns-client 


Use the debug ip dns-client command to activate debug messages associated with domain naming system 
(DNS) client operation in AOS. Debug messages are displayed (real time) to the terminal (or Telnet) 
screen. Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





The debug ip dns-client command activates debug messages to provide information on DNS client 
activity in AOS. The IP DNS capability allows for DNS-based host translation (name-to-address). 


Usage Examples 





The following example activates debug messages associated with DNS client activity: 


>enable 
#debug ip dns-client 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 197 


Command Reference Guide Enable Mode Command Set 





debug ip dns-proxy 


Use the debug ip dns-proxy command to activate debug messages associated with domain naming system 
(DNS) proxy operation in AOS. Debug messages are displayed (real time) to the terminal (or Telnet) 
screen. Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





The debug ip dns-proxy command activates debug messages to provide information on DNS proxy 
activity in AOS. The IP DNS capability allows for DNS-based host translation (name-to-address). 


Usage Examples 





The following example activates debug messages associated with DNS proxy activity: 


>enable 
#debug ip dns-proxy 
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debug ip dns-table 


Use the debug ip dns-table command to activate debug messages associated with domain naming system 
(DNS) table operation in AOS. Debug messages are displayed (real time) to the terminal (or Telnet) 
screen. Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 


The debug ip dns-table command activates debug messages to provide information on DNS table activity 
in AOS. The IP DNS capability allows for DNS-based host translation (name-to-address). 


Usage Examples 





The following example activates debug messages associated with DNS table activity: 


>enable 
#debug ip dns-table 
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debug ip flow 


Use the debug ip flow command to display debug messages associated with integrated traffic monitoring 
(ITM) operation. Use the no form of this command to disable the debug messages. Variations of this 
command include: 


debug ip flow cache entry 
debug ip flow cache expiration 
debug ip flow export 





or Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





cache entry Specifies a debug message will be generated every time traffic flow data is 
added to the flow cache. 


cache expiration Specifies a debug message will be generated every time traffic flow data 
expires from the flow cache. 


export Specifies a debug message will be generated every time a message is sent 
to an external data collector. 


Defaults 





By default, debug messages are disabled. 


Command History 


Release 16.1 Command was introduced. 


Usage Examples 





The following example enables debug messages for the ip flow export command and gives sample 
output: 


#debug ip flow export 
#show run 
ip flow export destination 10.22.22.254 3000 
ip flow export vrf BLUE destination 172.16.4.5 65774 


“Dec 18 22:45:43: IPFLOW: Sent export pkt #32958 to 10.22.22.254:3000 
“Dec 18 22:45:43: IPFLOW: Sent export pkt #32958 to 172.16.4.5:65774 (BLUE) 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 200 


Command Reference Guide Enable Mode Command Set 





The following is sample output from the debug ip flow cache expiration command: 


#debug ip flow cache expiration 

#show run 

interface shdsl 2/1 
16:38:37: FLOW.CACHE: Expired 10.23.197.244:23 > 172.22.77.208: 1188 out eth 0/1 <T=0/P=6> 
16:38:37: FLOW.CACHE: “Idle Time = 60, Active Time = 60 

interface adsl 1/1 
16:39:20: FLOW.CACHE: Expired 10.23.197.244.23 > 172.22.77.208:1189 out eth 0/1 <T=0/P=6> 
16:39:20: FLOW.CACHE: “Idle Time = 60, Active Time = 90 


The following is an output sample from the debug ip flow cache entry command: 


#debug ip flow cache entry 
#show run 
16:52:20: FLOW.CACHE: Added 172.22.77.208: 1189 > 10.23.197.244: 23 in eth 0/1 <T=0/P=6> 
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debug ip ftp-server 


Use the debug ip ftp-server command to activate debug messages associated with File Transfer Protocol 
(FTP) server events in the AOS device. Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 


The debug ip ftp-server command activates debug messages to provide information on FTP server 
activity in AOS. The FTP server capability allows for fast file management and transport for local or remote 
devices. 


Usage Examples 


The following example activates debug messages associated with FTP server activity: 


>enable 
#debug ip ftp-server 
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debug ip http client 


Use the debug ip http client command to activate debug messages associated with HyperText Transfer 
Protocol (HTTP) client operation in AOS. Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. 





oe Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example activates debug messages associated with HTTP client activity: 


>enable 
#debug ip http client 
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debug ip http server 


Use the debug ip http server command to activate debug messages associated with HyperText Transfer 
Protocol (HTTP) server operation in AOS. Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. Variations of this 
command include: 


debug ip http server 
debug ip http server verbose 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





verbose Optional. Activates detailed debug messages for HTTP operation. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 6.1 Command was introduced. 
Release 15.1 Command was updated. 


Usage Examples 





The following example activates debug messages associated with HTTP server activity: 


>enable 
#debug ip http server 
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debug ip icmp 


Use the debug ip icmp command to show all Internet Control Message Protocol (ICMP) messages as they 
come into the router or are originated by the router. If an optional keyword (send or recy) is not used, all 
results are displayed. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the 
no form of this command to disable the debug messages. Variations of this command include: 


debug ip icmp 
debug ip icmp send 
debug ip icmp recv 





Wo Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





send Optional. Displays only ICMP messages sent by the router. 
recv Optional. Displays only ICMP messages received by the router. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example activates the debug ip icmp send and receive messages for AOS: 


>enable 

#debug ip icmp 

ICMP SEND: From (0.0.0.0) to (172.22.14.229) Type=8 Code=0 Length=72 Details:echo request 

ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=0 Code=0 Length=72 Details:echo reply 

ICMP SEND: From (0.0.0.0) to (172.22.14.229) Type=8 Code=0 Length=72 Details:echo request 

ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=0 Code=0 Length=72 Details:echo reply 

ICMP RECV: From (172.22.255.200) to (10.100.23.19) Type=11 Code=0 Length=36 Details:TTL equals 0 
during transit 

ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=3 Code=3 Length=36 Details:port 
unreachable 

ICMP RECV: From (172.22.14.229) to (10.100.23.19) Type=3 Code=3 Length=36 Details:port 
unreachable 
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debug ip igmp 


Use the debug ip igmp command to enable debug messages for Internet Group Management Protocol 
(IGMP) transactions (including helper activity). Debug messages are displayed (real time) on the terminal 
(or Telnet) screen. Use the no form of this command to disable the debug messages. Variations of this 
command include: 


debug ip igmp 
debug ip igmp </p address> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





<ijp address> Optional. Specifies the IP address of a multicast group. IP addresses should 
be expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 


No default value necessary for this command. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 


The following example enables IGMP debug messages for the specified multicast group: 


>enable 
#debug ip igmp 224.1.1.1 
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debug ip igmp snooping 


Use the debug ip igmp snooping command to enable debug messages for Internet Group Management 
Protocol (IGMP) snooping errors and events. Debug messages are displayed (real time) on the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. Variations of this 
command include: 


debug ip igmp snooping 
debug ip igmp snooping verbose 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





verbose Optional. Enables detailed debug messages. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example enables IGMP snooping debug messages: 


>enable 
#debug ip igmp snooping 
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debug ip mrouting 


Use the debug ip mrouting command to activate debug messages associated with multicast table routing 
events. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of 
this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 


The following sample activates ip mrouting debug messages: 


>enable 
#debug ip mrouting 
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debug ip ospf 


Use the debug ip ospf command to activate debug messages associated with open shortest path first 
(OSPF) routing operations. Debug messages are displayed (real time) to the terminal (or Telnet) screen. 
Use the no form of this command to disable the debug messages. Variations of this command include: 


debug ip ospf 

debug ip ospf adj 

debug ip ospf database-timer 
debug ip ospf events 

debug ip ospf flood 

debug ip ospf hello 

debug ip ospf Isa-generation 
debug ip ospf packet 

debug ip ospf retransmission 
debug ip ospf spf 

debug ip ospf tree 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





adj Displays OSPF adjacency events. 

database-timer Displays OSPF database timer. 

events Displays OSPF events. 

flood Displays OSPF flooding. 

hello Displays OSPF hello events. 

Isa-generation Displays OSPF link state advertisement (LSA) generation. 
packet Displays OSPF packets. 

retransmission Displays OSPF retransmission events. 

spf Displays OSPF shortest-path-first (SPF) calculations. 
tree Displays OSPF database tree. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 3.1 Command was introduced. 
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Usage Examples 





The following is an example of debug ip ospf command results: 


>enable 

#debug ip ospf flood 

OSPF: Update LSA: id=c0a8020d rtid=192.168.2.13 area=11.0.0.0 type=1 
OSPF: Update LSA: id=0b003202 rtid=11.0.50.2 area=11.0.0.0 type=1 
OSPF: Queue delayed ACK lasid=0b003202 Isartid=11.0.50.2 nbr=11.0.50.2 
OSPF: Rx ACK lasid=c0a8020d Isartid=192.168.2.13 nbr=11.0.50.2 

OSPF: Received LSA ACK LSA_ID=-64.-88.2.13 LSA_RT_ID=-64.-88.2.13 
OSPF: Rx ACK lasid=00000000 Isartid=192.168.2.13 nbr=11.0.50.2 
OSPF: Received LSA ACK LSA_ID=0.0.0.0 LSA_RT_ID=-64.-88.2.13 
OSPF: Sending delayed ACK 

OSPF: Update LSA: id=c0a8020d rtid=192.168.2.13 area=11.0.0.0 type=1 
OSPF: Flooding out last interface 

OSPF: Update LSA: id=0b003202 rtid=11.0.50.2 area=11.0.0.0 type=1 
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debug ip packet 


Use the debug ip packet command to display debug messages for every IP packet forwarded through the 
unit. Adding the VRF name to this command displays debug information only for the named VRF. Debug 
messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to 
disable debug messages. Variations of this command include the following: 


debug ip packet 

debug ip packet detail 

debug ip packet dump 

debug ip packet <ac/ name> 

debug ip packet <ac/ name> detail 

debug ip packet <ac/ name> dump 

debug ip packet any-vrf 

debug ip packet any-vrf <ac/ name> 

debug ip packet any-vrf <ac/ name> detail 
debug ip packet any-vrf <ac/ name> dump 
debug ip packet any-vrf detail 

debug ip packet any-vrf dump 

debug ip packet vrf <name> 

debug ip packet vrf <name> <ac/l name> 
debug ip packet vrf <name> <ac/ name> detail 
debug ip packet vrf <name> <ac/ name> dump 
debug ip packet vrf <name> detail 

debug ip packet vrf <name> dump 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





detail Optional. Displays IP packet detailed information. 


dump Optional. Displays IP packet detailed information, as well as a hex dump of 
the packets payload. 
Note: The console stream can be captured to a log file and used as an input 
file for display with ETHEREAL/Wireshark by using text2pcap.exe, which is 
a part of the ETHEREAL/Wireshark distribution. 


Execute as follows: text2pcap -I 101 </nput_file> <output_file> 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 211 


Command Reference Guide Enable Mode Command Set 





Next, open the output file with ETHEREAL/Wireshark for display and 
decode. The typical lower layer information in ETHEREAL/Wireshark may 
not be present. This converted capture file is treated as a raw IP capture 
and also has no timestamp data. Remember to take advantage of access 
control lists (ACLs) to narrow down the amount of data being processed 
with this facility. This is a CPU-intensive operation, and also disables any 
fast flow/fast cache routing. 


<acl name> Optional. Displays debug information for a specific ACL. 
any-vrf Optional. Displays debug information for all VRFs, including the default. 
vrf <name> Optional. Displays debug information for the specified VRF. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 12.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following is sample output for the debug ip packet command, which provides debug information for 
the default VRF only: 


>enable 
#debug ip packet 


eth 0/2 
eth 0/1 
eth 0/2 
eth 0/1 


IP: s= 192.168.8.101 (eth 0/1) d=192.168.7.2 
IP: s= 192.168.7.2 (eth 0/2) d=192.168.8.101 
IP: s= 192.168.8.101 (eth 0/1) d=192.168.7.2 
IP: s= 192.168.7.2 (eth 0/2) d=192.168.8.101 


g= 192.168.7.2, forward 
g= 192.168.8.101, forward 
g= 192.168.7.2, forward 
g= 192.168.8.101, forward 


Damn mm 
YS re wre wm 


Where: 


$=192.168.8.101 (eth 0/1) indicates source address and interface of received packet. 

d=192.168.7.2 (eth 0/2) indicates destination address and interface from which the packet is being sent. 
g=192.168.7.2 indicates the address of the next hop gateway. 

forward indicates the router is forwarding this packet. 
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The following is sample output for the debug ip packet vrf <vrf name> command for the VRF named Red: 


>enable 
#debug ip packet vrf RED 


IP: 
IP: 
IP: 
IP: 
IP: 


s=192.168.1.100 (eth 0/1.4) d=192.168.1.255 (Loopback), vrf=RED, rcvd 

s=192.168.1.101 (eth 0/1.4) d=192.168.1.1 (Loopback), vrf=RED, rcvd 

s=192.168.1.1 (Loopback) d=192.168.1.101 (eth 0/1.4) g=192.168.1.101, vrf=RED, forward 
s=192.168.1.100 (eth 0/1.4) d=192.168.1.1 (Loopback), vrf=RED, rcvd 

s=192.168.1.1 (Loopback) d=192.168.1.100 (eth 0/1.4) g=192.168.1.100, vrf=RED, forward 


Where: 


revd indicates the router received this packet. 


The following is sample output for the debug ip packet any-vrf command: 


>enable 
#debug ip packet any-vrf 


IP 
IP 
IP 
IP: 
IP: 
IP: 
IP: 
IP: 


> $=192.168.1.15 (eth 0/1.1) d=192.168.1.1 (Loopback), rcvd 
:$=192.168.1.1 (Loopback) d=192.168.1.15 (eth 0/1.1) g=192.168.1.15, forward 
> $=192.168.1.101 (eth 0/1.4) d=255.255.255.255 (Loopback), vrf=RED, rcvd 


s=192.168.1.1 (Loopback) d=192.168.1.101 (eth 0/1.4) g=192.168.1.101, vrf=RED, forward 
$=192.168.2.33 (eth 0/1.3) d=192.168.2.1 (Loopback), vrf=BLU, rcvd 

s=192.168.2.1 (Loopback) d=192.168.2.33 (eth 0/1.3) g=192.168.2.33, vrf=BLU, forward 
s=192.168.1.101 (eth 0/1.4) d=192.168.1.1 (Loopback), vrf=RED, rcvd 

s=192.168.1.1 (Loopback) d=192.168.1.101 (eth 0/1.4) g=192.168.1.101, vrf=RED, forward 


Where: 


if the vrf=<name> statement is not present, the packet was present on the default VRF. 
vrf=<name> indicates the non-default VRF from which the packet was received. 
forward indicates the router transmitted this packet. 

g=X.x.x.x indicates the next-hop IP address to which the packet was forwarded. 
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debug ip pim-sparse 


Use the debug ip pim-sparse command to display all protocol-independent multicast (PIM) sparse mode 
information. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form 
of this command to disable debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example activates all PIM sparse mode messages: 


>enable 
#debug ip pim-sparse 
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debug ip pim-sparse assert 


Use the debug ip pim-sparse assert command to display debug messages associated with 
protocol-independent multicast (PIM) sparse assert transactions. Debug messages are displayed (real time) 
to the terminal (or Telnet) screen. Use the no form of this command to disable debug messages. Variations 
of this command include: 


debug ip pim-sparse assert 

debug ip pim-sparse assert event 

debug ip pim-sparse assert event <multicast address> 
debug ip pim-sparse assert state 

debug ip pim-sparse assert state <multicast address> 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 


event Optional. Displays PIM sparse assert events. 
state Optional. Displays PIM sparse assert state changes. 
<multicast address> Optional. Specifies multicast group IP address to filter. The multicast group 


IP address range is 244.0.0.0 to 239.255.255.255 or 224.0.0.0 /4. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example activates all PIM sparse assert event messages: 


>enable 

#debug ip pim-sparse assert event 

14:25:05: PIMSM: Assert - MRoute (*, 239.255.255.250, eth 0/2) processed Received Join in Nolnfo state 

14:25:29: PIMSM: Assert - MRoute (10.100.13.240, 239.192.19.136, eth 0/2) processed Received Join in 
Nolnfo state 

14:25:29: PIMSM: Assert - MRoute (*, 239.192.19.136, eth 0/2) processed Received Join in Nolnfo state 

14:26:05: PIMSM: Assert - MRoute (*, 239.255.255.250, eth 0/2) processed Received Join in Nolnfo state 
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debug ip pim-sparse hello 


Use the debug ip pim-sparse hello command to display protocol-independent multicast (PIM) sparse 
mode hello transactions. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use 
the no form of this command to disable debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example activates PIM sparse mode hello messages: 


>enable 
#debug ip pim-sparse hello 
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debug ip pim-sparse joinprune 


Use the debug ip pim-sparse joinprune command to display protocol-independent multicast (PIM) 
sparse mode join and prune transactions. Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable debug messages. Variations of this command 
include: 


debug ip pim-sparse joinprune 

debug ip pim-sparse joinprune event 

debug ip pim-sparse joinprune event <multicast address> 
debug ip pim-sparse joinprune state 

debug ip pim-sparse joinprune state <multicast address> 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 


event Optional. Displays PIM sparse join and prune events. 
state Optional. Displays PIM sparse join and prune state changes. 
<multicast address> Optional. Specifies multicast group IP address to filter. The multicast group 


IP address range is 244.0.0.0 to 239.255.255.255 or 224.0.0.0 /4. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example activates PIM sparse mode messages for all join and prune events and state 
changes: 


>enable 

#debug ip pim-sparse joinprune 

14:27:05: PIMSM: Processed JOIN(*, 239.255.255.250) from 10.10.10.2 

14:27:29: PIMSM: Processed JOIN(10.100.13.240, 239.192.19.136) from 10.10.10.2 
14:27:29: PIMSM: Processed JOIN(*, 239.192.19.136) from 10.10.10.2 

14:27:56: PIMSM: Sent JOIN(10.100.13.240, 239.192.19.136) to 10.100.13.240 
14:28:05: PIMSM: Processed JOIN(*, 239.255.255.250) from 10.10.10.2 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 217 


Command Reference Guide Enable Mode Command Set 





debug ip pim-sparse packets 


Use the debug ip pim-sparse packets command to display protocol-independent multicast (PIM) sparse 
mode packet information. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use 
the no form of this command to disable debug messages. Variations of this command include: 


debug ip pim-sparse packets 

debug ip pim-sparse packets in 

debug ip pim-sparse packets in </interface> 
debug ip pim-sparse packets out 

debug ip pim-sparse packets out <interface> 





your unit. 


Wor Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 


in Optional. Displays messages for inbound PIM sparse packets 
out Optional. Displays messages for outbound PIM sparse packets. 
<interface> Optional. Specifies an interface in the format <interface type [slot/port | 


slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type debug ip pim-sparse packets ? for a list of valid 
interfaces. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example activates all PIM sparse packet messages (both inbound and outbound): 


>enable 
#debug ip pim-sparse packets 
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debug ip pim-sparse register 


Use the debug ip pim-sparse register command to display protocol-independent multicast (PIM) sparse 
source registration messages. Debug messages are displayed (real time) to the terminal (or Telnet) screen. 
Use the no form of this command to disable debug messages. Variations of this command include: 


debug ip pim-sparse register 

debug ip pim-sparse register event 

debug ip pim-sparse register event <multicast address> 
debug ip pim-sparse register state 

debug ip pim-sparse register state <multicast address> 





your unit. 


Wor Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 


event Optional. Displays PIM sparse register events. 
state Optional. Displays PIM sparse register state changes. 
<multicast address> Optional. Specifies multicast group IP address to filter. The multicast group 


IP address range is 244.0.0.0 to 239.255.255.255 or 224.0.0.0 /4. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 
The following example activates all PIM sparse registration changes: 


>enable 

#debug ip pim-sparse register 

18:14:22: PIMSM: Registered new source (10.100.13.240, 239.192.19.136) from 10.10.10. 1 
18:14:22: PIMSM: RegisterStop(10.100.13.240, 239.192.19.136) sent to 10.10.10.1 
18:14:53: PIMSM: RegisterStop(10.100.13.240, 239.192.19.136) sent to 10.10.10.1 
18:16:17: PIMSM: RegisterStop(10.100.13.240, 239.192.19.136) sent to 10.10.10. 1 
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debug ip policy 


Use the debug ip policy command to display policy-based routing events. Debug messages are displayed 
(real time) to the terminal (or Telnet) screen. Use the no form of this command to disable debug messages. 
Variations of this command include the following: 


debug ip policy 
debug ip policy <ac/ name> 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 


<acl name> Optional. Displays debug information only for the specified access control 
list (ACL). 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 
Release 16.1 Command was expanded to filter based on an ACL. 


Usage Examples 





The following example creates a standard ACL named PVT which permits packets sourced from the 
10.22.0.0/16 network and displays only these policy-based routing event messages: 


>enable 

#ip access-list standard PVT 
#permit 10.22.0.0 0.0.255.255 
#deny any 

#debug ip policy PVT 
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debug ip rip 


Use the debug ip rip command to activate debug messages associated with Routing Information Protocol 
(RIP) operation in AOS. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use 
the no form of this command to disable the debug messages. Variations of this command include: 


debug ip rip 
debug ip rip events 





your unit. 


Wor Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 





events Optional. Displays only RIP protocol events. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The debug ip rip command activates debug messages to provide information on RIP activity in AOS. RIP 
allows hosts and routers on a network to exchange information about routes. 


Usage Examples 





The following example activates debug messages associated with RIP activity: 


>enable 
#debug ip rip 
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debug ip routing 


Use the debug ip routing command to activate debug messages associated with routing table events. 
Adding the VRF name to this command displays debug information for the named VRF. Debug messages 
are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable the 
debug messages. Variations of this command include the following: 


debug ip routing 
debug ip routing vrf <name> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





vif <name> Optional. Displays debug information only for the specified VRF. If a VRF is 
not specified, the unnamed default VRF is assumed. 


Default Values 


No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example activates debug messages associated with routing table events: 


>enable 
#debug ip routing 
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The following example activates the debug messages associated with routing table events on the 
nondefault VRF named RED and provides sample output: 


>enable 
#debug ip routing vrf RED 


ip route vrf RED 1.2.3.0 255.255.255.0 192.168.10.10 

15:32:29: ROUTING: Add route for 1.2.3.0/24 nh=192.168.10.10 vrf=RED 
15:32:29: ROUTING: Remove route for 1.2.3.0/24 nh=192.168.10.10 vrf=RED 
15:32:29: ROUTING: Add route for 1.2.3.0/24 nh=192.168.10.10 vrf=RED 
15:32:29: ROUTING: Remove route for 1.2.3.0/24 nh=192.168.10.10 vrf=RED 
15:32:29: ROUTING: Add route for 1.2.3.0/24 nh=192.168.10.10 vrf=RED 


Where: 


nh=192.168.10.10 indicates the next hop address. 
vrf=RED indicates the nondefault VRF where the route is present. 
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debug ip rtp quality-monitoring 


Use the debug ip rtp quality-monitoring command to display voice quality monitoring (VQM) event 
debug messages (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable 
debug messages. Variations of this command include the following: 


debug ip rtp quality-monitoring 

debug ip rtp quality-monitoring packets 

debug ip rtp quality-monitoring packets rtcp 

debug ip rtp quality-monitoring packets rtp 

debug ip rtp quality-monitoring packets round-trip-delay 





your unit. 


Wor Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 


packets Optional. Displays VQM debug events of voice traffic packets. 


packets rtcp Optional. Displays VQM debug messages for RTP Control Protocol (RTCP) 
packet events. 


packets rtp Optional. Displays VQM debug messages for Realtime Transport Protocol 
(RTP) packet events. 


packets round-trip-delay Optional. Displays VQM debug messages for round-trip delay mechanism 
events. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 17.1 Command was introduced. 
Release A1 Command was included in the AOS voice products. 


Usage Examples 





The following example activates RTP packets debug messages for VQM: 


>enable 

#debug ip rtp quality-monitoring packets rtp 

2007.10.23 17:35:06 VQM.PACKET RTCP Sender SSRC=1244609021 

2007.10.23 17:35:06 VQM.PACKET RTCP_ NTP timestamp (MSW)=3402167683 (Oxcac8f583) 
2007.10.23 17:35:06 VQM.PACKET RTCP_ NTP timestamp (LSW)=1116355952 (0x428a3d70) 
2007.10.23 17:35:06 VQM.PACKET RTCP_ RTP timestamp=3990799999 

2007.10.23 17:35:06 VQM.PACKET RTCP SSRC=1919245558 

2007.10.23 17:35:06 VQM.PACKET RTCP_ Last SR timestamp=4119950126 (0xf591732e) 
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2007.10.23 17:35:06 VQM.PACKET RTCP 
2007.10.23 17:35:06 VQM.PACKET RTCP 


Delay since last SR timestamp=1 7567 1 
handle=0x61 7981 Oebu 


2007.10.23 17:35:09 VQM.PACKET RTCP Rx RTCP SR pkt from 10.22.41.91 


2007.10.23 17:35:09 VQM.PACKET RTCP 
0.22.41.52 
2007.10.23 17:35:09 VQM.PACKET RTCP 
2007.10.23 17:35:09 VQM.PACKET RTCP 
2007.10.23 17:35:09 VQM.PACKET RTCP 
2007.10.23 17:35:09 VQM.PACKET RTCP 
2007.10.23 17:35:09 VQM.PACKET RTCP 
2007.10.23 17:35:09 VQM.PACKET RTCP 
2007.10.23 17:35:09 VQM.PACKET RTCP 
2007.10.23 17:35:09 VQM.PACKET RTCP 


call-ID=30bbb4084 1 7e519a00be27ac15d5776b@1 


Sender SSRC=1919245558 

NTP timestamp (MSW)=3402167702 (Oxcac8f596) 
NTP timestamp (LSW)=1932399624 (0x732e1408) 
RTP timestamp=2621875150 

SSRC=1244609021 

Last SR timestamp=4119020170 (0xf583428a) 
Delay since last SR timestamp=151436 
handle=0x6524010g all 
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debug ip tcp 


Use the debug ip tep command to activate debug messages associated with significant Transmission 
Control Protocol (TCP) events, such as state changes, retransmissions, session aborts, etc., in AOS. Debug 
messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to 
disable the debug messages. Variations of this command include: 


debug ip tcp 
debug ip tcp events 





These debug events are logged for packets that are sent or received from the router. 
Forwarded TCP packets are not included. 


Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 








Syntax Description 





events Optional. Displays only TCP protocol events. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





In the debug ip tcp events information, TCB stands for TCP task control block. The numbers which 
sometimes appear next to TCB (e.g., TCB5 in the following example) represent the TCP session number. 
This allows you to differentiate debug messages for multiple TCP sessions. 
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Usage Examples 





The following is sample output for this command: 


>enable 

#debug ip tcp events 

2003.02.17 07:40:56 IP. TCP EVENTS TCP: Allocating block 5 

2003.02.17 07:40:56 IP. TCP EVENTS TCB5: state change: FREE->SYNRCVD 

2003.02.17 07:40:56 IP.TCP EVENTS TCB5: new connection from 172.22.75.246:3473 to 
10.200.2.201:23 

2003.02.17 07:40:56 IP TCP EVENTS TCB5: state change: SYNRCVD->ESTABLISHED 
[172.22.75.246:3473] 

2003.02.17 07:41:06 IR TCP EVENTS TCB5: Connection aborted -- error = RESET 

2003.02.17 07:41:06 IR TCP EVENTS TCB5: De-allocating tcb 
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debug ip tcp md5 


Use the debug ip tcp md5 command to activate debug messages that detail the results of each incoming 
Transmission Control Protocol (TCP) packet’s MDS5 authentication with an internal route in AOS. Debug 
messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to 
disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Debug messages will only be generated for TCP ports that have MD5 authentication enabled. 


Usage Examples 





The following example activates debug messages associated with incoming TCP packet’s MD5 
authentication: 


>enable 
#debug ip tcp md5 
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debug ip tftp 


Use the debug ip tftp packets command to activate debug messages associated with Trivial File Transfer 
Protocol (TFTP) packets. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use 
the no form of this command to disable the debug messages. Variations of this command include: 


debug ip tftp client packets 
debug ip tftp server events 
debug ip tftp server packets 





your unit. 


Wor Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 





client packets Activates TFTP client packet debug messages. 
server events Activates TFTP server event debug messages. 
server packets Activates TFTP server packet debug messages. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 
Release 14.1 Command changed from debug tftp to debug ip tftp. 


Usage Examples 


The following example activates debug messages associated with TFTP server packets: 


>enable 
#debug ip tftp server packets 
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debug ip udp 


Use the debug ip udp command to activate debug messages associated with User Datagram Protocol 
(UDP) send and receive events in AOS. Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. 





Wor These debug events are logged for packets that are sent or received from the router. 


Forwarded UDP packets are not included. 








The overhead associated with this command takes up a large portion of your router's 
resources and at times can halt other router processes. It is best to only use the command 

UT during times when the network resources are in low demand (nonpeak hours, weekends, 
etc.). 








Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 








Syntax Description 





No subcommanas. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





In the debug ip udp information, the message no listener means that there is no service listening on this 
UDP port (i.e., the data is discarded). 


Usage Examples 





The following is sample output for this command: 


>enable 

#debug ip udp 

2003.02.17 07:38:48 IP.UDP RX: src=10.200.3.236:138, dst=10.200.255.255:138, 229 bytes, no listener 

2003.02.17 07:38:48 IP.UDP RX: src=10.200.2.7:138, dst=10.200.255.255:138, 227 bytes, no listener 

2003.02.17 07:38:48 IP-UDP RX: src=10.200.201.240:138, dst=10.200.255.255:138, 215 bytes, no 
listener 
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debug ip urlfilter 


Use the debug ip urlfilter command to display a summary of debug information for all URL filters being 
used. Debug messages are displayed (real time) to the terminal (or Telnet) screen. The verbose option 
gives more detailed information. Use the no form of this command to disable debug messages. Variations 
of this command include: 


debug ip urlfilter 
debug ip urlfilter verbose 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





verbose Optional. Enables detailed debug messages. 


Default Values 





By default, all debug messages are disabled. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example shows the debug summary for all URL filters being used: 
>enable 
#debug ip urlfilter 


2005.11.06 05:31:52 Connected to a Websense server 
2005.11.06 05:33:26 Allowed http://www.adtran.com/ 
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debug ip urlfilter top-websites 


Use the debug ip urlfilter top-websites command to display the times at which the generated top websites 
lists merge (as the 15-minute list is rolled into the hourly list, the hourly list into the daily list, and so on). 
Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this 
command to disable debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages are disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 


The following example shows the debug summary for top websites reporting: 


>enable 
#debug ip urlfilter top-websites 


P2007.05.08 09:55:00 Merging displayed 15 minute list into hour list 
2007.05.08 09:55:00 Merging hour list into twenty-four hour list 

2007.05.08 09:55:00 Validating timers; timerAdj=0, update=0, lastThen=462 
2007.05.08 09:55:00 Scheduled next run in 900; timerAdj=0, nowUpTime=462, 
last Period=306 
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debug isdn 


Use the debug isdn command to activate debug messages associated with integrated services digital 

network (ISDN) events in AOS. Debug messages are displayed (real time) to the terminal (or Telnet) 
screen. Use the no form of this command to disable the debug messages. Variations of this command 
include the following: 


debug isdn cc-ie 

debug isdn cc-ie pri 

debug isdn cc-ie pri <number> 

debug isdn cc-messages 

debug isdn cc-messages pri 

debug isdn cc-messages pri <number> 
debug isdn endpoint 

debug isdn endpoint pri 

debug isdn endpoint pri <number> 
debug isdn interface 

debug isdn interface pri 

debug isdn interface pri <number> 
debug isdn |2-formatted 

debug isdn I2-formatted pri 

debug isdn I2-formatted pri <number> 
debug isdn I2-messages 

debug isdn I2-messages pri 

debug isdn I2-messages pri <number> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





cc-ie Displays call control information elements. 

cc-messages Displays call control messages. 

endpoint Displays endpoint events. 

interface Displays ISDN interface events. 

I2-formatted Displays Layer 2 formatted messages. 

I2-messages Displays Layer 2 messages. 

pri Optional. Specifies the ISDN interface. 

pri <number> Optional. Specifies a specific ISDN interface. Range is 1 to 255. 


Default Values 





By default, all debug messages in AOS are disabled. 
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Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example activates all Layer 2 formatted messages: 


>enable 
#debug isdn |2-formatted 


The following example activates Layer 2 formatted messages received on ISDN interface PRI 1: 


>enable 
#debug isdn I2-formatted pri 1 
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debug isdn group 


Use the debug isdn group command to activate integrated services digital network (ISDN) group errors 
and messages. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no 
form of this command to disable the debug messages. Variations of this command include: 


debug isdn group 
debug isdn group <number> 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





<number> Optional. Specifies the ISDN group. Valid range is 1 to 255. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example activates debug messages for all ISDN groups: 


>enable 
#debug isdn group 
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debug isdn resource-manager 


Use the debug isdn resource-manager command to activate integrated services digital network (ISDN) 
resource manager errors and messages. Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example activates debug messages associated with the ISDN resource manager: 


>enable 
#debug isdn resource-manager 
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debug isdn verbose 


Use the debug isdn verbose command to activate all debug messages associated with integrated services 
digital network (ISDN) events in AOS. Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example activates all debug messages associated with ISDN activity: 


>enable 
#debug isdn verbose 
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debug Ildp 


Use the debug Ildp command to display debug output for all Link Layer Discovery Protocol (LLDP) 
receive and transmit packets. Debug messages are displayed (real time) on the terminal (or Telnet) screen. 
Use the no form of this command to disable the debug messages. Variations of this command include: 


debug Ildp 

debug Ildp rx 

debug Ildp rx verbose 
debug Ildp tx 

debug Ildp tx verbose 
debug Ildp verbose 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





rx Optional. Shows information about received packets. 
tx Optional. Shows information about transmitted packets. 
verbose Optional. Shows detailed debugging information. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example activates both transmit and receive messages associated with LLDP operation: 


>enable 
#debug Ildp 
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debug mail-client 


Use the debug mail-client command to enable mail agent debug messages. Variations of this command 
include: 


debug mail-client 
debug mail-client <agent name> 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





<agent name> Optional. Specifies debug messages are enabled only for the specified mail 
agent. 


Default Values 


By default, debugging capabilities are disabled. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example enables debug messaging for all configured mail agents: 


>enable 
#debug mail-client 
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debug ntp 


Use the debug ntp command to activate debug messages associated with the Network Time Protocol 
(NTP) daemon information. Debug messages are displayed (real time) on the terminal (or Telnet) screen. 
Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 


The following example activates debug messages associated with NTP: 


>enable 
#debug ntp 
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debug port-auth 


Use the debug port-auth command to generate debug messages used to aid in troubleshooting problems 
during the port authentication process. Debug messages are displayed (real time) on the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. Variations of this 
command include the following: 


debug port-auth 

debug port-auth auth-sm 

debug port-auth bkend-sm 

debug port-auth general 

debug port-auth packet 

debug port-auth packet [both | tx | rx] 
debug port-auth reauth-sm 

debug port-auth supp-sm 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 





Syntax Description 





auth-sm Optional. Displays AuthPAE-state machine information. 

bkend-sm Optional. Displays backend-state machine information. 

general Optional. Displays configuration changes to the port authentication system. 

packet both Optional. Displays packet exchange information in both receive and 
transmit directions. 

packet rx Optional. Displays packet exchange information in the receive-only 
direction. 

packet tx Optional. Displays packet exchange information in the transmit-only 
direction. 

reauth-sm Optional. Displays reauthentication-state machine information. 

supp-sm Optional. Displays supplicant-state machine information. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 9.1 Command was introduced. 
Release 10.1 New options were introduced. 
Release 13.1 New options were introduced. 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 241 


Command Reference Guide Enable Mode Command Set 





Usage Examples 





The following example activates port authentication debug information on received packets: 


>enable 
#debug port-auth packet rx 
Revd EAPOL Start for sess 1 on int eth 0/2 
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debug port security 


Use the debug port security command to display messages associated with port security. Debug messages 
are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable 
debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 


The following example activates port security debug messages: 


>enable 
#debug port security 
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debug ppp 


Use the debug ppp command to activate debug messages associated with Point-to-Point Protocol (PPP) 
operation in AOS. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no 
form of this command to disable the debug messages. Variations of this command include: 


debug ppp authentication 
debug ppp errors 

debug ppp negotiation 
debug ppp verbose 





your unit. 


Wor Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 





authentication Activates debug messages pertaining to PPP authentication (CHAP, PAP, 
EAP, etc.). 

errors Activates debug messages that indicate a PPP error was detected 
(mismatch in negotiation authentication, etc.). 

negotiation Activates debug messages associated with PPP negotiation. 

verbose Activates detailed debug messages for PPP operation. 


Default Values 





No default value necessary for this command. 


Command History 


Release 1.1 Command was introduced. 


Functional Notes 





The debug ppp command activates debug messages to provide information on PPP activity in the system. 
PPP debug messages can be used to aid in troubleshooting PPP links. 


Usage Examples 





The following example activates debug messages associated with PPP authentication activity: 


>enable 
#debug ppp authentication 
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debug pppoe client 


Use the debug pppoe client command to activate debug messages associated with Point-to-Point Protocol 
over Ethernet (PPPoE) operation in AOS. Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 
The following example activates debug messages associated with PPPoE activity: 


>enable 
#debug pppoe client 
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debug probe 


Use the debug probe command to display probe event messages or activate debug messages associated 
with activities performed by the named probe object.. Debug messages are displayed (real time) to the 
terminal (or Telnet) screen. Use the no form of this command to disable debug messages. Variations of this 
command include: 


debug probe 

debug probe <name> 

debug probe responder twamp 

debug probe responder twamp control 

debug probe responder twamp control event 

debug probe responder twamp control event <address> 
debug probe responder twamp control packet 

debug probe responder twamp control packet <address> 
debug probe responder twamp test 

debug probe responder twamp test event 

debug probe responder twamp test event <address> 
debug probe responder twamp test packet 

debug probe responder twamp test packet <address> 





your unit. 


Wo Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 





<name> Optional. Specifies the probe object. 


responder twamp Optional. Activates probe debug messages for all Two-way Active 
Measurement Protocol (TWAMP) responder verbose output. 


control Optional. Activates probe debug messages for TWAMP control responder 
verbose output. 


event <address> Optional. Activates probe debug messages for TWAMP control responder 
events. Specify the far end IP address to activate remote events. 


packet <address> Optional. Activates probe debug messages to decode TWAMP control 
packets. Enter an IP address to decode TWAMP control packets from a 
specific address. 


test Optional. Activates probe debug messages for TWAMP test responder 
verbose output. 


event <address> Optional. Activates probe debug messages for TWAMP test responder 
events. Enter a far end IP address to display events from the specified 
address. 


packet <address> Optional. Activates probe debug messages to decode TWAMP test packets. 
Enter an IP address to decode TWAMP test packets from a specific 
address. 
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Default Values 





By default, all debug messages in Adtran Operating System (AOS) are disabled. 


Command History 





Release 13.1 Command was introduced. 
Release 17.2 Command was expanded to include TWAMP responder debug options. 


Usage Examples 





The following example activates debug messages associated with all probe objects: 


>enable 
#debug probe 


The following example activates debug messages associated with the probe object named probe_A: 


>enable 
#debug probe probe A 


The following example activates probe responder debug messages: 


>enable 
#debug probe responder 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


247 


Command Reference Guide Enable Mode Command Set 





debug radius 


Use the debug radius command to enable debug messages from the RADIUS subsystem. Debug messages 
are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this command to disable the 
debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 


The debug radius messages show the communication process with the remote RADIUS servers. 


Usage Examples 





The following is an example output for the debug radius command: 


>enable 

#debug radius 

RADIUS AUTHENTICATION: Sending packet to 172.22.48.1 (1645). 
RADIUS AUTHENTICATION: Received response from 172.22.48.1. 
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debug sip 


Use the debug sip command to activate debug messages associated with Session Initiation Protocol (SIP) 
events. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of 
this command to disable the debug messages. Variations of this command include: 


debug sip cldu 

debug sip location 

debug sip manager 

debug sip name-service 

debug sip tdu 

debug sip trunk-registration 
debug sip trunk-registration <Txx> 


debug sip trunk-registration <7xx> <trunk id> 


debug sip user-registration 


debug sip user-registration <extension> 





your unit. 


ast 


Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 





cldu 

location 
manager 
name-service 
tdu 


trunk-registration 
trunk-registration <7Txx> 


trunk-registration <7xx> <trunk id> 


user-registration 
user-registration <extension> 


Default Values 


Activates SIP CLDU event debug messages. 

Activates SIP location database event debug messages. 
Activates SIP stack manager event debug messages. 
Activates SIP name-service event debug messages. 


Activates SIP Transaction Distribution Unit (TDU) debug 
messages. 

Activates all SIP trunk-registration event debug messages. 
Optional. Activates SIP trunk-registration event debug messages 
for a specific trunk. For example: Txx (T01) where xx is the trunk’s 
two-digit identifier. 

Optional. Activates SIP trunk-registration event debug messages 
for a specific trunk. For example: Txx (T01) where xx is the trunk’s 
two-digit identifier and <trunk id> is the specific name associated 
with the trunk. 

Activates all SIP user-registration event debug messages. 


Optional. Activates SIP user-registration event debug messages for 
a specific trunk. 


By default, all debug messages in AOS are disabled. 
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Command History 





Release 9.3 Command was introduced. 

Release 11.1 Command was expanded to include proxy event messages. 
Release 15.1 Command was expanded to include name-service messages. 
Release 16.1 Command was expanded to include TDU messages. 


Usage Examples 





The following example activates all debug messages associated with SIP CLDU events: 


>enable 
#debug sip cldu 
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debug sip proxy 


Use the debug sip proxy command to activate debug messages associated with Session Initiation Protocol 
(SIP) proxy events. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the 
no form of this command to disable the debug messages. Variations of this command include: 


debug sip proxy database 
debug sip proxy dialogs 
debug sip proxy routing 
debug sip proxy transactions 
debug sip proxy verbose 





your unit. 


Wor Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 


database Activates SIP proxy database debug event debug messages. 

dialogs Activates SIP proxy DOM event debug messages. 

routing Activates SIP proxy message-routing events. 

transactions Activates SIP proxy event debug messages that shows the interaction 


between the SIP proxy and the SIP stack. 
verbose Activates all SIP proxy debug messages. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example activates all debug messages associated with SIP proxy events: 


>enable 
#debug sip proxy verbose 
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debug sip stack 


Use the debug sip stack command to activate debug messages associated with Session Initiation Protocol 
(SIP) stack events. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the no 
form of this command to disable the debug messages. Variations of this command include: 


debug sip stack debug 

debug sip stack errors 

debug sip stack exceptions 

debug sip stack info 

debug sip stack messages [ack | bye | cancel | info | invite | message | notify | options | prack | 
publish | refer | register | request | response | subscribe | update] [from <user> | request | 
response | rx | to <user> | tx] 

debug sip stack messages all 

debug sip stack messages [from <user> | request | response | rx | to <user> | tx] 

debug sip stack messages summary [ack | bye | cancel | info | invite | message | notify | options | 
prack | publish | refer | register | request | response | subscribe | update] [from <user> | request 
| response | rx | to <user> | tx] 

debug sip stack messages summary all 

debug sip stack verbose 

debug sip stack warnings 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 








The majority of the debug sip stack messages variations are available in any order, at any 
‘ore time within the subcommand. Use the ? at any level after each variation listed within the 
brackets to view additional arguments and variations for the subcommand(s). 








Syntax Description 


debug Activates SIP stack debug event debug messages. 
errors Activates SIP stack error event debug messages. 
exceptions Activates SIP stack exception event debug messages. 
info Activates SIP stack info event debug messages. 
messages Specify which SIP debug messages to activate from the list below. 
ack Activates SIP ACK debug messages. 
all Activates all SIP debug messages. 
bye Activates SIP ACK debug messages. 
cancel Activates SIP CANCEL debug messages. 
from <user> Activates SIP debug messages from the specified user. 
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info 
invite 
message 
notify 
options 
prack 
publish 
refer 
register 
request 
response 
rx 
subscribe 
summary 


to <user> 

Xx 

update 
verbose 
warnings 


Default Values 


Activates SIP INFO debug messages. 
Activates SIP INVITE debug messages. 
Activates SIP MESSAGES debug messages. 
Activates SIP NOTIFY debug messages. 
Activates SIP OPTIONS debug messages. 
Activates SIP PRACK debug messages. 
Activates SIP PUBLISH debug messages. 
Activates SIP REFER debug messages. 
Activates SIP REGISTER debug messages. 


Activates the specified SIP request debug messages. 


Activates the specified SIP response debug messages. 


Activates received SIP debug messages to or from a specific user. 


Activates SIP SUBSCRIBE debug messages. 


Activates SIP debug messages and displays only a summary (first line) of 


the available messages. 


Activates SIP debug messages to the specified user. 


Activates transmitted SIP debug messages to or from a specific user. 


Activates SIP UPDATE debug messages. 
Activates all SIP stack event debug messages. 


Activates SIP stack warning event debug messages. 





By default, all debug messages in AOS are disabled. 


Command History 





Release 9.3 
Release A1 


Usage Examples 


Command was introduced. 


Command was expanded in the AOS voice products. 





The following example activates all debug messages associated with SIP stack events: 


>enable 
#debug sip stack 
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debug snmp packets 


Use the debug snmp packets command to enable debug output from local SNMP traffic. Debug messages 
are displayed (real time) to the terminal (or Telnet) screen. When SNMP packets ingress or egress the unit 
(local traffic only), the traffic is displayed in a partially decoded form. Use the no form of this command to 
disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following is an example of debug output for snmp packets: 


>enable 
#debug snmp packets 
#SNMP V1 RX: GET-NEXT Request PDU from 10.23.1.157:2922 (community=public) 
request id=3, error status=0, error index=0 
max repetitions=0, non repetitions=0 
VarBinds: 
OID=1.3.6.1.2.1.1.3 
value=empty 


#SNMP V1 TX: GET Response PDU to 10.23.1.157:2922 (community=public) 
request id=3, error status=0, error index=0 
max repetitions=1, non repetitions=0 
VarBinds: 
OID=1.3.6.1.2.1.1.3.0 
value=410825 
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debug sntp 


Use the debug sntp command to enable debug messages associated with the Simple Network Time 
Protocol (SNTP). All SNTP packet exchanges and time decisions are displayed with these debugging 
events enabled. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no 
form of this command to disable the debug messages. Variations of this command include the following: 


debug sntp 
debug snip client 
debug snip server 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





client Optional. Displays SNTP client information. 
server Optional. Displays SNTP server information 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 


Release 3.1 Command was introduced. 
Release 13.1 Command was expanded to include the client and server options. 


Functional Notes 





The debug sntp command activates debug messages to aid in troubleshooting SNTP issues. 


Usage Examples 





The following is an example output for the debug sntp command: 


>enable 

#debug sntp 

#config term 

(config)#sntp server timeserver.localdomain 

2002.12.11 15:06:37 SNTP.CLIENT sent Version 1 SNTP time request to 63.97.45.57 
2002.12.11 15:06:37 SNTP.CLIENT received SNTP reply packet from 63.97.45.57 
2002.12.11 15:06:37 SNTP.CLIENT setting time to 12-11-2002 15:06:02 UTC 
2002.12.11 15:06:37 SNTP.CLIENT waiting for 86400 seconds for the next poll interval 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 255 


Command Reference Guide Enable Mode Command Set 





debug spanning-tree bpdu 


Use the debug spanning-tree bpdu command to display bridge protocol data unit (BPDU) debug 
messages. When enabled, a debug message is displayed for each BPDU packet that is transmitted or 
received by the unit. Debug messages are displayed (real time) on the terminal (or Telnet) screen. Use the 
no form of this command to disable the debug messages. Variations of this command include: 


debug spanning-tree bpdu all 
debug spanning-tree bpdu receive 
debug spanning-tree bpdu transmit 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 








‘one Refer to debug spanning-tree on page 257 for more information. 








Syntax Description 





all Displays debug messages for BPDU packets that are transmitted and 
received by the unit. 

receive Displays debug messages for BPDU packets received by the unit. 

transmit Displays debug messages for BPDU packets transmitted by the unit. 


Default Values 


No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 


The following example displays debug messages for BPDU packets that are transmitted and received by 
the unit: 


>enable 
#debug spanning-tree bpdu all 
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debug spanning-tree 


Use the debug spanning-tree command to enable the display of spanning-tree debug messages. Debug 
messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this command to 
disable the debug messages. Variations of this command include: 


debug spanning-tree config 
debug spanning-tree events 
debug spanning-tree general 
debug spanning-tree topology 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 








‘one Refer to debug spanning-tree bpdu on page 256 for more information. 








Syntax Description 





config Enables the display of spanning-tree debug messages when configuration 
changes occur. 

events Enables the display of debug messages when spanning-tree protocol 
events occur. 

general Enables the display of general spanning-tree debug messages. 

topology Enables the display of debug messages when spanning-tree protocol 


topology events occur. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 12.1 Command was expanded to include topology. 


Usage Examples 





The following example enables the display of general spanning-tree debug messages: 


>enable 
#debug spanning-tree general 
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debug stack 


Use the debug stack command to enable switch-stacking debug messages. Debug messages are displayed 
(real time) on the terminal (or Telnet) screen. Use the no form of this command to disable the debug 
messages. Variations of this command include: 


debug stack 
debug stack switch 
debug stack verbose 





your unit. 


Wor Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 





switch Optional. Enables messages specific to the stack ports (stack switch API 
information). 
verbose Optional. Enables detailed messages specific to the stack protocol. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example activates the possible debug stack messages: 


>enable 
#debug stack switch 
#debug stack verbose 
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debug system 


Use the debug system command to enable debug messages associated with system events (i.e., login, 
logouts, etc.). Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form 
of this command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 


The following example activates debug messages associated with system information: 


>enable 
#debug system 
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debug tacacs+ 


Use the debug tacacs+ command to activate debug messages associated with terminal access controller 
access control system (TACACS+) protocol. Debug messages are displayed (real time) to the terminal (or 
Telnet) screen. Use the no form of this command to disable the debug messages. Variations of this 
command include: 


debug tacacs+ 
debug tacacs+ events 
debug tacacs+ packets 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





events Optional. Activates TACACS+ event debug messages. 
packets Optional. Activates TACACS+ packet debug messages. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example activates debug messages associated with the TACACS+ protocol: 


>enable 
#debug tacacs+ packets 
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debug tcl 


Use the debug tcl command to activate debug messages associated with tool command language (Tcl) 
interpreter operation. Debug messages are displayed (real time) on the terminal (or telnet) screen. Use the 
no form of this command to disable the debug messages. Variations of this command include: 


debug tcl cli 
debug tcl cli <filename> 
debug tcl track <name> 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





cli Displays debug messages for the Tcl interpreter to the command line 
interface. 

<filename> Optional. Displays debug messages only for the specified Tcl script file. 

track <name> Displays debug messages for the specified track. The track option is only 


available on platforms with Network Monitoring enabled. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example activates debug messages for the Tcl interpreter while running the file test1.tcl: 


>enable 
#debug tcl test1.tcl 
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debug track 


Use the debug track command to activate debug messages associated with activities performed by the 
named track object. Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the 
no form of this command to disable the debug messages. Variations of this command include: 


debug track 
debug track <name> 





your unit. 


or Turning on a large amount of debug information can adversely affect the performance of 





Syntax Description 





<name> Optional. Specifies the track object. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example activates debug messages associated with all track objects: 


>enable 
#debug track 


The following example activates debug messages associated with the track object named track_1: 


>enable 
#debug track track_1 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 262 


Command Reference Guide Enable Mode Command Set 





debug twping 


Use the debug twping command to activate debug messages associated with two-way ping packets. 
Debug messages are displayed (real time) to the terminal (or Telnet) screen. Use the no form of this 
command to disable the debug messages. 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all debug messages in AOS are disabled. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example activates two-way ping debug messages: 


>enable 
#debug twping 
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debug voice 


Use the debug voice command to activate debug messages associated with voice functionality. Debug 


messages are displayed (real time) on the terminal (or Telnet) screen. Use the no form of this command to 


disable the debug messages. Variations of this command include the following: 


debug voice account-status 

debug voice autoattendant 

debug voice color 

debug voice lineaccount 

debug voice lineaccount </ine> 

debug voice linemanager 

debug voice linemanager </ine> 

debug voice loopback 

debug voice mail 

debug voice mail <subsource> 

debug voice phoneconfig 

debug voice phonemanager 

debug voice phonemanager <s/ot:port> 
debug voice promptstudio 

debug voice proxydial 

debug voice rtp channel 

debug voice rtp manager 

debug voice rtp provider 

debug voice rtp verbose 

debug voice smdr 

debug voice smdr <number> 

debug voice stationaccount 

debug voice stationaccount <extension> 
debug voice statusgroups 

debug voice summary 

debug voice switchboard 

debug voice switchboard <subsource> 
debug voice switchboard call 

debug voice switchboard call <subsource> 
debug voice switchboard ccm 

debug voice toneservices 

debug voice toneservices <interface type> 
debug voice toneservices <interface type> <slot/port> 
debug voice trunkaccount 

debug voice trunkaccount <trunk id> 
debug voice trunkaccount <trunk id> <appearance> 
debug voice trunkmanager 

debug voice trunkmanager <irunk id> 
debug voice trunkport 

debug voice trunkport <s/ot:port:DSO> 
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debug voice verbose 





Wor Turning on a large amount of debug information can adversely affect the performance of 
your unit. 


Syntax Description 





account-status 
autoattendant 
color 

lineaccount 
lineaccount </ine> 
linemanager 
linemanager </ine> 
loopback 

mail 

mail <subsource> 


phoneconfig 


phonemanager 
phonemanager <s/ot:port> 


promptstudio 
proxydial 

rtp channel 

rtp manager 
rtp provider 

rtp verbose 
smdr 

smdr <number> 


stationaccount 
stationaccount <extension> 


statusgroups 

summary 

switchboard 

switchboard <subsource> 


Activates station account status event debug messages. 

Activates auto-attendant event debug messages. 

Activates color-coded event debug messages. 

Activates all line account event debug messages. 

Optional. Activates a specific line account event debug messages. 
Activates all line manager event debug messages. 

Optional. Activates a specific line manager event debug messages. 
Activates all voice loopback account event debug messages. 
Activates all voice mail event debug messages. 


Optional. Activates voice mail event debug messages for a specific 
subsource. 


Activates debugging of IP Phone Config Utilities, such as Phone 
Config Caching. 


Activates all phone manager event debug messages. 


Optional. Activates phone manager event debug messages for a 
specific slot and port. 


Activates prompt-studio event debug messages. 
Activates proxy dial event debug messages. 
Activates RTP channel event debug messages. 
Activates RTP manager event debug messages. 
Activates RTP provider event debug messages. 
Activates detailed RTP debug messages. 
Activates all SMDR event debug messages. 


Optional. Activates SMDR event debug messages for a specific to 
or from number. 


Activates all station account event debug messages. 


Optional. Activates station account event debug messages for a 
specific extension. 


Activates status group event debug messages. 
Activates simple voice event debug messages. 
Activates all switchboard event debug messages. 


Optional. Activates switchboard event debug messages for a 
specific subsource. 
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switchboard call Activates switchboard call state machine event debug messages. 

switchboard call <subsource> Optional. Activates switchboard call state machine event debug 
messages for a specific subsource. 

switchboard ccm Activates switchboard call connection manager event debug 
messages. 

toneservices Activates all tone service events debug messages. 

toneservices <notifies> Optional. Activates tone service events debug messages for the 


specified interface type. For example, for a FXS interface use fxs. 

toneservices <interface> <slot/port> Optional. Activates tone service events debug messages for the 
specified slot and port of the interface type. For example, for an 
individual FXS port use fxs 0/1. 


trunkaccount Activates all trunk account event debug messages. 

trunkaccount <trunk id> Optional. Activates trunk account event debug messages for a 
specific trunk. 

<appearance> Optional. Specifies specific trunk appearance. 

trunkmanager Activates all trunk manager event debug messages. 

trunkmanager <trunk id> Optional. Activates trunk manager event debug messages for a 
specific trunk. 

trunkport Activates all trunkport event debug messages. 

trunkport <s/ot:port:DSO> Optional. Activates trunkport event debug messages for a specific 
slot, port, and DSO. 

verbose Optional. Displays the entire running configuration to the terminal 


screen (versus only the nondefault values). 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 9.3 Command was introduced. 

Release 10.1 Command was expanded to include more options. 

Release 12.1 Command was expanded to include more options. 

Release 13.1 Command was expanded to include more options. 

Release 14.1 Command was expanded to include more options. 

Release 15.1 Command was expanded to include more options. 

Release A1 Command was expanded to include the voice loopback account. 


Usage Examples 





The following example activates all debug messages associated with voice functionality: 


>enable 
#debug voice summary 
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debug vrrp 


Use the debug vrrp command to enable VRRP debug messages. Debug messages are displayed (real time) 
on the terminal (or Telnet) screen. Use the no form of this command to disable the debug messages. 
Variations of this command include the following: 


debug vrrp 

debug vrrp error 

debug vrrp interface <interface> error 

debug vrrp interface <interface> group <number> error 
debug vrrp interface <interface> group <number> packet 
debug vrrp interface <interface> packet 

debug vrrp packet 





Wor Turning on a large amount of debug information can adversely affect the performance of 


your unit. 





Syntax Description 





error Optional. Displays debug messages for all VRRP errors in all groups on all 
interfaces or on a specified interface. 


interface <interface> Optional. Displays debug messages for all VRRP groups on the specified 
interface. Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id]>. For 
example, for an Ethernet subinterface, use eth 0/1.1; for a PPP interface, 
use ppp 1; for an ATM subinterface, use atm 1.1; and for a virtual local area 
network (VLAN) interface, use vlan 1. Type debug vrrp interface ? for a 
complete list of valid interfaces. 


group <number> Optional. Specifies debug messages for a single VRRP group on a 
specified interface are generated. Group numbers range from 1 to 255. 


error Optional. Displays debug messages for VRRP errors for a single group on a 
specified interface. 


packet Optional. Displays debug messages for VRRP packets for a single group on 
a specified interface. 


packet Optional. Displays debug messages for all VRRP packets in all groups on 
all interfaces or on a specified interface. 


Default Values 





By default, all debug messages in AOS are disabled. 


Command History 





Release 16.1 Command was introduced. 
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Functional Notes 





Although VRRP group VRIDs can be numbered between 1 and 255, only two VRRP routers per interface 
are supported. 


Usage Examples 





The following example gives sample output from the debug vrrp packet command: 


>enable 

#debug vrrp packet 

2007.05.26 15:48:57 VRRP.PKT eth 0/1 grp 1 Sent Advertisement pri: 125, ipCnt:1 

2007.05.26 15:48:57 VRRP.PKT eth 0/1 grp 2 Received Advertisement pri: 125 from 10.23.197.236 
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dir 
Use the dir command to display a directory list of all files on the system in flash memory or on the 


installed CompactFlash® card or all files on the system in flash memory or on the installed CompactFlash 
card matching the specified pattern. Variations of this command include: 


dir 

dir <pattern> 

dir cflash 

dir cflash <pattern> 
dir flash 

dir flash <pattern> 


Syntax Description 





<pattern> Optional. Lists all files stored in flash that match the specified pattern. When 
a wildcard (*) is specified, only files located in the specified location 
matching the listed pattern are displayed. For example, *.biz displays all 
files with the .biz extension. 


When no wildcard is specified, the entire contents of flash memory is 


displayed. 
cflash Optional. Specifies files located on the installed CompactFlash card. 
flash Optional. Specifies files located on the system in flash memory. 


Default Values 


No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 12.1 Command expanded to include CompactFlash. 


Usage Examples 





The following is sample output from the dir command: 


>enable 
#dir flash 
3563529 NV2100A-10-05-00-E.biz 
2438 startup-config 
2484 startup-config.bak 
3694712 bytes used, 3007368 available, 6702080 total 
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disable 


Use the disable command to exit the Enable mode and enter the Basic mode. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example exits the Enable mode and enters the Basic Command mode: 


#disable 
> 
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erase 


Use the erase command to erase the specified file from the system flash memory or an installed 
CompactFlash® card. Variations of this command include: 


erase <filename> 

erase cflash <filename> 
erase dynvoice-config 
erase flash <filename> 
erase startup-config 


Syntax Description 





<filename> Specifies the name of the file to erase. The asterisk (*) can be used as a 
wildcard to specify a pattern for erasing multiple files. When a wildcard is 
specified, only files matching the listed pattern are erased. 


cflash Specifies the location of the file to erase as the installed CompactFlash 
card. 

dynvoice-config Erases the dynvoice-config file stored in the flash memory. 

flash Specifies the location of the file to erase as the system flash memory. 

startup-config Erases the startup configuration file stored in flash memory. 


Default Values 


No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 12.1 Command was expanded to include the dynvoice-config option. 


Usage Examples 





The following example erases the startup configuration file stored in flash memory: 


>enable 
#erase startup-config 


If a new startup-configuration file is not specified before power-cycling the unit, AOS will initialize using a 
blank configuration. 
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erase file-system cflash 


Use the erase file-system cflash command to erase all files on the installed CompactFlash® card. 





‘one Erasing the file system is equivalent to formatting the CompactFlash card. 





Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 14.1 Command was introduced. 
Usage Examples 


The following example erases all files located on the installed CompactFlash card: 


>enable 
#erase file-system cflash 
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events 


Use the events command to enable event reporting to the current command line interface (CLI) session. 


Use the no form of this command to disable all event reporting to the current CLI session. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is enabled. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example enables event reporting: 


>enable 
#events 
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exception report generate 


Use the exception report generate command to immediately generate an exception report. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example immediately generates an exception report: 


>enable 
#exception report generate 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


274 


Command Reference Guide Enable Mode Command Set 





factory-default 


Use the factory-default command to reset the unit to the factory default settings. 





dito Performing an AOS factory-default disrupts data traffic. 
7 





Syntax Description 





No subcommanas. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





After you issue this command, the system responds by first warning you that restoring the factory default 
settings will erase the current configurations. It then asks if you would like to proceed. Choose n to return 
to the command prompt (no configuration changes are made). Choose y to erase the 
startup-configuration, replace it with the factory-default configuration, and reboot the unit. After reboot, the 
new configuration takes effect. 


Usage Examples 


The following example resets the unit to factory default settings: 


>enable 
#factory-default 


WARNING - Restoring the factory default settings will erase the current startup and running configurations 
and will reboot the unit. 


Restore factory default settings ?[y/n]y 
Startup configuration written. 


Rebooting the system. Please wait... 
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logout 


Use the logout command to terminate the current session and return to the login screen. 


Syntax Description 





No subcommanas. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example shows the logout command being executed in Enable mode: 


>enable 

#logout 

Session now available 

Press RETURN to get started. 
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ping 


Use the ping command (at the Enable mode prompt) to verify IP network connectivity. Variations of this 
command include: 


ping 

ping <ip address | hostname> 

ping <ip address | hostname> data <string> 

ping <ip address | hostname> repeat <number> 

ping <ip address | hostname> size <value> 

ping <ip address | hostname> source <ip address> 

ping <ip address | hostname> timeout <value> 

ping vrf <name> <ip address | hostname> 

ping vrf <name> <ip address | hostname> data <string> 
ping vrf <name> <ip address | hostname> repeat <number> 
ping vrf <name> <ip address | hostname> size <value> 
ping vrf <name> <ip address | hostname> source <ip address> 
ping vrf <name> <ip address | hostname> timeout <value> 
ping vrf <name> <ip address | hostname> verbose 

ping vrf <name> <ip address | hostname> wait <interval> 


Syntax Description 





<ip address | hostname> Optional. Specifies the IP address or host name of the system to ping. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). Entering the ping command with no specified IP address 
prompts the user with parameters for a more detailed ping configuration. 
Refer to Functional Notes (below) for more information. 


data <string> Optional. Specifies an alphanumerical string to use (the ASCII equivalent) 
as the data pattern in the ECHO_REQ packets. 
repeat <number> Optional. Specifies the number of ping packets to send to the system. Valid 


range is 0 to 1,000,000. A repeat count of 0 indicates an infinite ping 
request, which can only be stopped by pressing Ctrl + C. 


size <value> Optional. Specifies the datagram size (in bytes) of the ping packet. Valid 
range is 1 to 1448 bytes. 


source <i/p address> Optional. Specifies the IP address to use as the source address in the 
ECHO_REQ (or interface) packets. The source IP address must be a valid 
address local to the router on the specified VPN routing and forwarding 
(VRF) instance. 


timeout <value> Optional. Specifies the timeout period after which the ping is considered 
unsuccessful. Valid range is 1 to 60 seconds. 


verbose Optional. Enables detailed messaging. 
vrf <name> Optional. Specifies the VRF where the ip address exists. 
wait <interval> Optional. Specifies a minimum time to wait between sending test packets. 


Valid range is 100 to 60,000 milliseconds. 
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Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 
Release 17.2 Command was expanded to include verbose and wait parameters, also 


changes were made to the repeat and timeout values. 


Functional Notes 





The ping command helps diagnose basic IP network connectivity using the Packet Internet Groper 
program to repeatedly bounce Internet Control Message Protocol (ICMP) ECHO_REQ packets off a 
system (using a specified IP address). AOS allows executing a standard ping request to a specified IP 
address, or provides a set of prompts to configure a more specific ping configuration. 


The following is a list of output messages from the ping command: 


| Success 

- Destination Host Unreachable 
$ Invalid Host Address 

X TTL Expired in Transit 

? Unknown Host 


Request Timed Out 
The following is a list of available extended ping fields with descriptions: 


Extended Commands Specifies whether additional commands are desired for more ping 
configuration parameters. Answer yes (y) or no (n). 

Source Address Specifies the IP address to use as the source address in the ECHO_REQ 
(or interface) packets. 

Data Pattern Specifies an alphanumerical string to use (the ASCII equivalent) as the data 
pattern in the ECHO_REQ packets. 

Sweep Range of Sizes Varies the sizes of the ECHO_REQ packets transmitted. 

Sweep Min Size Specifies the minimum size of the ECHO_REQ packet. Valid range is 0 to 
1488. 

Sweep Max Size Specifies the maximum size of the ECHO_REQ packet. Valid range is the 


sweep minimum size to 1448. 


Sweep Interval Specifies the interval used to determine packet size when performing the 
sweep. Valid range is 1 to 1448. 


Verbose Output Specifies an extended results output. 
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VRF on AOS products allows a single physical router to be partitioned into multiple virtual routers. Each 
router instance has its own route table and interface assignments. Beginning with Release 16.1, all AOS 
routers supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless 
of whether multi-VRF is configured. Therefore, executing the above mentioned commands without 
specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following is an example of a successful ping command: 


>enable 

#ping 

VRF Name [-default-]: 

Target IP address:192.168.0.30 

Repeat count[1-1000000]:5 

Datagram Size [1-1000000]:100 

Timeout in seconds [1-5]:2 

Extended Commands? [y or n]:n 

Type CTRL+C to abort. 

Legend: '!' = Success '?' = Unknown host '$' = Invalid host address 
™ = Request timed out '-' = Destination host unreachable 
‘x'= TTL expired in transit 


Pinging 192.168.0.30 with 100 bytes of data: 


Success rate is 100 percent (5/5) round-trip min/avg/max = 19/20.8/25 ms 
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ping stack-member <number> 
Use the ping stack-member command to ping a member of the stack. Variations of this command include: 


ping stack-member <number> 
ping stack-member <number> vrf <name> 


Syntax Description 





<number> Specified which member of the stack to ping. 
vrf <name> Optional. Specifies the VRF where the stack-member exists. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





This command is available only in stack-master mode. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example pings a member of the stack: 


>enable 

#ping stack-member 3 

Type CTRL+C to abort. 

Legend: '!' = Success, '?' = Unknown host, '$' = Invalid host address 
™ = Request timed out, '-' = Destination host unreachable 


‘x'= TTL expired in transit 
Sending 5, 100-byte ICMP Echos to 169.254.0.3, timeout is 2 seconds: 
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2.2/3 ms 
# 
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reload 
Use the reload command to perform a manual reload of AOS. Variations of this command include: 


reload 
reload cancel 
reload in <delay> 





din Performing an AOS reload disrupts data traffic. 
/ 





Syntax Description 





cancel Optional. Deactivates a pending reload command. 


in <delay> Optional. Specifies a delay period in minutes (mmm) or hours and minutes 
(hh:mm) that AOS will wait before reloading. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 


The following example reloads the AOS software in 3 hours and 27 minutes: 


>enable 
#reload in 03:27 


The following example reloads the AOS software in 15 minutes: 


>enable 
#reload in 15 


The following example terminates a pending reload command: 


>enable 
#reload cancel 
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reload dot11 interface doti1lap <ap interface> 


Use the reload dot11 interface dot1lap factory default command to perform a cold start of a wireless 
access point (AP) that is currently controlled by the wireless access controller (AC) on which the command 


is executed. Variations of this command include: 


reload dot11 interface dot11ap <ap interface> 
reload dot11 interface dot11ap <ap interface> factory-default 


Syntax Description 





<ap interface> Specifies the AP interface number to reload. Range is 1 to 8. 
factory-default Optional. Specifies reloading the unit with the factory default settings. 


Default Values 





No default value necessary for this command. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example performs a cold start for AP interface 1: 


>enable 

#reload dot11 interface dot11ap 1 

AP 1 reloaded 

Router# 

2006.12.23 19:14:03 DOT11.Session : AP 1: AP reboot. 

2006.12.23 19:14:03 DOT11.Session : AP 1: Control session lost. 
2006.12.23 19:14:03 DOT11.Session : AP 1: Control session established. 
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run-tcl <filename> track <name> 


Use the run-tcl track command to initiate a Tcl script based on the result of monitoring the change of state 
of a track. Use the no form of this command to disable the track monitoring for the given script. This 
command is only available on platforms with Network Monitoring enabled. For more information on 
creating tracks, refer to track <name> on page 947 and the Network Monitor Track Configuration 
Command Set on page 2185. Variations of this command include: 


run-tcl <filename> track <name> on-pass 
run-tcl <filename> track <name> on-fail 


Syntax Description 





<filename> Specifies a Tcl script file. 

<name> Specifies the name of the track to be monitored. 

on-pass Specifies the file should be run when the track meets the passing condition. 
on-fail Specifies the file should be run when the track meets the failure condition. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example activates a Tcl script to be run when the failure condition is met on track_a: 


>enable 
#run tcl test1.tcl track track_a on-fail 
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show access-lists 


Use the show access-lists command to display all configured access control lists (ACLs) in the system (or 
a specific list). Variations of this command include: 


show access-lists 
show access-lists <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Optional. Specifies a particular ACL to display. 


Default Values 





No default value necessary for this command. 


Command History 


Release 2.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





The show access-lists command displays all configured ACLs in the system. All entries in the ACL are 
displayed, and a counter indicating the number of packets matching the entry is listed. 


Usage Examples 





The following is a sample output from the show access-lists command: 


>enable 

#show access-lists 

Standard access list MatchAll 

permit host 10.3.50.6 (0 matches) 

permit 10.200.5.0 wildcard bits 0.0.0.255 (0 matches) 

extended access list UnTrusted 

deny icmp 10.5.60.0 wildcard bits 0.0.0.255 any source-quench (0 matches) 
deny tcp any (0 matches) 
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show arp 


Use the show arp command to display the Address Resolution Protocol (ARP) table. Variations of this 
command include: 


show arp 

show arp realtime 

show arp vrf <name> 

show arp vrf <name> realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 


Wo Using the realtime argument for this command can adversely affect the performance or 
your unit. 








Syntax Description 


realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


vrf <name> Optional. Displays information only for the specified VRF. If a VRF is not 
specified, the default VRF is assumed. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 

Release 10.1 The real time display option was introduced. 

Release 16.1 Command was expanded to include the VRF parameter. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following is a sample output of the show arp command: 


>enable 

#show arp 

ADDRESS TTL(min) MAC ADDRESS INTERFACE TYPE 
10.22.18.3 19 00:E0:29:6C:BA:31 = eth 0/1 Dynamic 
192.168.20.2 16 00:A0:C8:0D:E9:AD_ eth 0/2 Dynamic 
224.0.0.5 20 01:00:5E:00:00:05 eth 0/2 Permanent 
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show atm pvc 


Use the show atm command to display information specific to the asynchronous transfer mode (ATM) 
interface’s permanent virtual circuit (PVC). Variations of this command include the following: 


show atm pvc 
show atm pvc interfaces atm <interface> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





interfaces atm <interface> Displays the ATM PVC information for a specific PVC. Specify an ATM 
interface (valid range is 1 to 1023) or a subinterface in the format <interface 
id.subinterface id> (for example, 1.1). Using this command without 
specifying an interface will display all information for all ATM PVCs. 


Default Values 


No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from the show atm pvc interfaces command: 


>enable 

#show atm pvc interface atm 1.1 

Name VPI VCl Encap Type SC  PeakKbps Avg/MinKbps Burst Cells Status 
atm 1.14 0 200 SNAP N/A 0 0 0 Active 
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show atm traffic interface atm <interface> 


Use the show atm traffic command to display traffic information specific to the asynchronous transfer 
mode (ATM) interface. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<interface> Specifies an ATM port number. Specify an ATM interface (valid range is 1 to 
1023) or a subinterface in the format <interface id.subinterface id> (for 
example, 1.1). 


Default Values 





No default is necessary for this command. 


Command History 


Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from the show atm traffic command from ATM interface 1: 


>enable 
#show atm traffic interface atm 1 
atm 1 is UP, line protocol is UP 
BW 896 kbit/s 
16 maximum active VCCs, 16 VCCs per VP, 1 current VCCs 
Queueing strategy: Per VC Queueing 
5 minute input rate 32 bits/sec, 0 packets/sec 
5 minute output rate 0 bits/sec, 0 packets/sec 
19 packets input, 1357 bytes 
0 pkts discarded, 0 error pkts, 0 unknown protocol pkts 
45 cells received, 0 OAM cells received 
0 packets output, 0 bytes 
0 tx pkts discarded, 0 tx error pkts 0 internal tx error pkts 
0 cells sent, O OAM cells sent 
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The following is sample output from the show atm traffic command from ATM subinterface 1.1: 
#show atm traffic interface atm 1.1 

27 Input Packets 

0 Output Packets 

72 Cells received, 0 OAM cells received 

F5 InEndLoopRea: 0 F5 InEndLoopResp: 0 F5 InAlS: 0 F5 InRDI: 0 

0 Cells sent, 0 OAM cells sent 

F5 OutEndLoopRea: 0 F5 OutEndLoopResp: 0 F5 OutAlS: 0 F5 OutRDI: 0 

0 OAM Loopback Successes 0 OAM Loopback Failures 
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show auto-config 


Use the show auto-config command to display auto-configuration status. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output of the show auto-config command: 


>enable 
#show auto-config 
Auto-Config is enabled, current status: Done. 
TFTP Server is 10.20.20.1 
Config filename is 1524STfile 
Maximum retry count is 0 (repeat indefinitely), total retries is 0 
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show bridge 


Use the show bridge command to display a list of all configured bridge groups (including individual 
members of each group). Enter an interface or a bridge number to display the corresponding list. Variations 
of this command include: 


show bridge 
show bridge <interface> 
show bridge <number> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





<interface> Optional. Displays all bridge groups associated with the specific interface. 
Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type the show bridge ? command to display a list of 
applicable interfaces. 


<number> Optional. Displays a specific bridge group. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 9.1 Command was expanded to include HDLC interface. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample output from the show bridge command: 


>enable 

#show bridge 

Total of 300 station blocks 295 free 

Address Action Interface Age Rx Count Tx Count 


00:04:51:57:4D:5A forward” eth 0/1 0 7133392 7042770 
00:04:5A:57:4F:2A forward” eth 0/1 0 402365 311642 
00:10:A4:B3:A2:72 forward’ eth 0/1 4 2 0 
00:A0:C8:00:8F:98 forward eth 0/1 0 412367 231 

0 


00:E0:81:10:FF:CE forward = fr 1.17 1502106 1486963 
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show buffers 


Use the show buffers command to display the statistics for the buffer pools on the network server. 
Variations of this command include: 


show buffers 
show buffers realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 





Syntax Description 





realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following is a sample output from the show buffers command: 


>enable 


#show buffers 


Buffer handles: 119 of 2000 used. 


Pool 
0 


1 
2 
3 


Size 
1800 
2048 
4096 
8192 


Total 
1894 
64 
32 

4 


Used 
119 
0 

0 

0 


Available Max. Used 


1775 122 
64 0 
32 0 
4 0 
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show buffers users 


Use the show buffers users command to display a list of the top users of packet buffers. Typically, this 
command will only be used as a debug tool by ADTRAN personnel. Variations of this command include: 


show buffers users 
show buffers users realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 





Syntax Description 





realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following is a sample from the show buffers users command: 


>enable 

#show buffers users 
Number of users: 7 
Ran User Count 
0x0052f4f8 59 
0x0051a4fc 32 
0x00528564 
0x0053c1c8 
fixedsize 
0x001d8298 
0x0010d970 
0x00000000 
0x00000000 
0x00000000 
0x00000000 


“A OANDOAHKRWN — 
Go OOO HN ON © 


— 
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show cflash 


Use the show cflash command to display a list of all files currently stored in CompactFlash® memory or 
details about a specific file stored in CompactFlash memory. Variations of this command include: 


show cflash 
show cflash <filename> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<filename> Optional. Displays details for a specified file located in flash memory. Enter 
a wildcard (such as *.biz) to display the details for all files matching the 
entered pattern. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample show cflash output: 


>enable 

#show cflash 

(dir) 0 SystemDefaultPrompts 

(dir) 0 VoiceMail 

9377163 NV7100A-12-00-23-E.biz 

11110890 sip.Id 

8767439 NV7100A-11-03-02-E.biz 

8771176 NV7100A-11-03-02d-E.biz 

8773148 NV7100A-11-03-03-E.biz 

48508928 bytes used, 207319040 available, 255827968 total 
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show channel-group 


Use the show channel-group command to display detailed information regarding port aggregation of a 
specified channel group (i.e., channel groups and their associated ports). Variations of this command 
include the following: 


show channel-group port-channel load-balance 
show channel-group summary 
show channel-group <number> summary 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





port-channel load-balance Displays the current load-balance scheme. 


summary Summarizes the state of all channel groups or of a specific channel group (if 
specified by the <number> argument). 
<number> Optional. Specifies the channel group using the channel group ID (16). 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample from the show channel-group command: 


>enable 

#show channel-group summary 

Channel Group Port channel Associated Ports 

1 1 eth 0/2 eth 0/3 

2 2 eth 0/5 eth 0/6 eth 0/7 
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show clock 


Use the show clock command to display the system time and date entered using the clock set command. 
Refer to the section clock set <time> <day> <month> <year> on page 128 for more information. 
Variations of this command include: 


show clock 
show clock detail 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





detail Optional. Displays more detailed clock information, including the time source. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays the current time and data from the system clock: 


>show clock 
23:35:07 UTC Tue Aug 20 2002 
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show configuration 


Use the show configuration command to display a text printout of the startup configuration file stored in 
nonvolatile random access memory (NVRAM). 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output of the show configuration command: 


>enable 

#show configuration 

| 

| 

no enable password 

| 

ip subnet-zero 

ip classless 

ip routing 

| 

event-history on 

no logging forwarding 

logging forwarding priority-level info 
no logging email 

| 

ip policy-timeout tcp all-ports 600 
ip policy-timeout udp all-ports 60 
ip policy-timeout icmp 60 
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| 

| 

| 

interface eth 0/1 

speed auto 
no ip address 
shutdown 

| 

interface dds 1/1 
shutdown 

| 

interface bri 1/2 
shutdown 

| 

| 


ip access-list standard Outbound 


permit host 10.3.50.6 
permit 10.200.5.0 0.0.0.255 
| 

| 


ip access-list extended UnTrusted 


deny icmp 10.5.60.0 0.0.0.255 any source-quench 


deny tcp any any 
| 

no ip snmp agent 
{ 

| 

| 

line con 0 

no login 

| 

line telnet 0 

login 

line telnet 1 

login 

line telnet 2 

login 

line telnet 3 

login 

line telnet 4 

login 

| 





60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 


301 


Command Reference Guide Enable Mode Command Set 





show connections 


Use the show connections command to display information (including TDM group assignments) for all 
active connections. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 7.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from the show connections command: 


>enable 
#show connections 
Displaying all connections.... 





Conn ID From To 

1 atm 1 adsl 1/1 

2 ppp 1 t1 2/1, tdm-group 1 
3 ppp 1 t1 2/2, tdm-group 1 
4 ppp 3 e1 3/1, tdm-group 1 
5 ppp 3 e1 3/2, tdm-group 1 
6 ppp 3 e1 3/3, tdm-group 1 
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show crypto ca 


Use the show crypto ca command to display information regarding certificates and profiles. Variations of 
this command include: 


show crypto ca certificates 
show crypto ca cris 
show crypto ca profiles 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





certificates Displays information on all certificates. 
cris Displays a summary of all certificate revocation lists (CRLs) for each CA. 
profiles Displays information on all configured CA profiles. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced (enhanced software version only). 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample from the show crypto ca certificates command: 


>enable 

#show crypto ca certificates 
CA Certificate 

Status: Available 

Certificate Serial Number: 012d 


Subject Name: /C=FI/O=SSH Communications Security‘OU=Web test/CN=Test CA 1 
Issuer: /C=FI/O=SSH Communications Security/OU=Web test/CN=Test CA 1 
CRL Dist. Pt: /C=Fl/O=SSH Communications Security/OU=Web test/CN=Test CA 1 
Start date is Jan 9 16:25:15 2003 GMT 
End date is Dec 31 23:59:59 2003 GMT 
Key Usage: 

Non-Repudiation 

Key Encipherment 

Data Encipherment 

CRL Signature 

Encipherment Only 
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show crypto ike 


Use the show crypto ike command to display information regarding the IKE configuration. Variations of 
this command include the following: 


show crypto ike client configuration pool 

show crypto ike client configuration pool <name> 
show crypto ike policy 

show crypto ike policy <value> 

show crypto ike remote-id <remote-id> 

show crypto ike sa 

show crypto ike sa brief 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





client configuration pool Displays the list of all configured IKE client configuration pools. 


<name> Optional. Displays detailed information regarding the specified IKE client 
configuration pool. 


policy Displays information on all IKE policies. Indicates if client configuration is 
enabled for the IKE policies and displays the pool names. 


<value> Optional. Displays detailed information on the specified IKE policy. This 
number is assigned using the crypto ike policy command. Refer to crypto 
ike on page 648 for more information. 


remote-id <remote-id> Displays information on all IKE information regarding the remote-id. The 
remote-id value is specified using the crypto ike remote-id command 
(refer to crypto ike remote-id on page 652). 


sa Displays all IPSec security associations. 
sa brief Optional. Displays a brief listing of IPSec security associations. 


Default Values 





No default value necessary for this command. 


Command History 





Release 4.1 Command was introduced. 
Release 15.1 Command expanded to include the brief option. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample from the show crypto ike policy command: 


>enable 
#show crypto ike policy 
Crypto IKE Policy 100 
Main mode 
Using System Local ID Address 
Peers: 
63.105.15.129 
initiate main 
respond anymode 
Attributes: 
10 
Encryption: 3DES 
Hash: SHA 
Authentication: Pre-share 
Group: 1 
Lifetime: 900 seconds 


The following is a sample from the show crypto ike sa brief command: 


>enable 

#show crypto ike sa brief 
Using 3 SAs out of 2000 
IKE Security Associations: 


(NOTE: The Remote ID may be truncated) 


Peer IP Address Lifetime Status IKE Policy 
10.22.19.4 19800 UP (SA_MATURE) 100 
10.22.19.2 0 MM_SA_WAIT 101 
10.22.19.6 86365 UP (SA_MATURE) 102 


Remote ID 
nv1224r 
UNKOWN 
security2 
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show crypto ipsec 


Use the show crypto ipsec command to display information regarding the IPSec configuration. Variations 
of this command include the following: 


show crypto ipsec sa 

show crypto ipsec sa address <ip address> 
show crypto ipsec sa brief 

show crypto ipsec sa map <name> 

show crypto ipsec transform-set 

show crypto ipsec transform-set <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





sa Displays all IPSec security associations. 


sa address <ip address> Optional. Displays all IPSec security associations associated with the 
designated peer IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


sa brief Optional. Displays a brief listing of IPSec security associations. 

sa map <name> Optional. Displays all IPSec security associations associated with the 
designated crypto map name. 

transform-set Displays all defined transform sets. 

<name> Optional. Displays information for a specific transform set. 


Default Values 





No default value necessary for this command. 


Command History 





Release 4.1 Command was introduced. 
Release 15.1 Command expanded to include the brief option. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample from the show crypto ipsec sa command: 


>enable 
#show crypto ipsec sa 


IPSec Security Associations: Total IPSec SAs: 2 

Peer IP Address: 192.168.1.2 

Direction: Inbound 

SPI: OxD863FF3F (3630432063) 

Encapsulation: ESP 

RX Bytes: 22085 

Selectors: Src:10.0.0.0/255.0.0.0 Port:ANY Proto:ALL IP 
Dst:172.16.16.0/255.255.255.0 Port:ANY Proto:ALL IP 

Hard Lifetime: 26650 

Soft Lifetime: 0 

Out-of-Sequence Errors: 0 

Crypto Map: VPN 10 

Peer IP Address: 192.168.10.1 

Direction: Outbound 

SPI: 0xDB86CD78 (3683044728) 

Encapsulation: ESP 

TX Bytes: 31934 

Selectors: Src:172.16.16.0/255.255.255.0 Port:ANY Proto:ALL IP 
Dst:10.0.0.0/255.0.0.0 Port:ANY Proto:ALL IP 

Hard Lifetime: 26640 

Soft Lifetime: 26580 

Crypto Map: VPN 10 


The following is a sample from the show crypto ipsec sa brief command: 


>enable 

#show crypto ipsec sa brief 
Using 4 SAs out 4000 

IPSec Security Associations: 


(NOTE: Crypto Map and Remote ID may be truncated) 


Peer IP Address # Bytes Crypto Map Remote ID 


10.22.19.34 RX 384 VPN 10 nv1224r 
10.22.19.34 RX0 VPN 30 security2 
10.22.19.4 TX 512 VPN 10 nv1224r 
10.22.19.6 TX 128 VPN 30 security2 
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show crypto map 


Use the show crypto map command to display information regarding crypto map settings. Variations of 
this command include the following: 


show crypto map 

show crypto map interface <interface> 
show crypto map <name> 

show crypto map <name> <number> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





interface <interface> Optional. Displays the crypto map settings for the specified interface. 
Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type show crypto map interface ? for a complete list of 
valid interfaces. 


<name> Optional. Specifies a specific crypto map name. 
<number> Optional. Specifies a specific crypto map number. 


Default Values 





No default value necessary for this command. 


Command History 





Release 4.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample from the show crypto map command: 


>enable 
#show crypto map testMap 
Crypto Map “testMap” 10 ipsec-ike 
Extended IP access list NewList 
Peers: 
63.97.45.57 
Transform sets: 
esp-des 
Security-association lifetimes: 
0 kilobytes 
86400 seconds 
No PFS group configured 
Interfaces using crypto map testMap: 
eth 0/1 
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show debugging 


Use the show debugging command to display a list of all activated debug message categories. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output from the show debugging command: 


>enable 

#show debugging 

debug access-list MatchAll 
debug firewall 

debug ip rip 

debug frame-relay events 
debug frame-relay Ilc2 
debug frame-relay Imi 
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show demand 


Use the show demand command to display information regarding demand routing parameters and 
statistics. Variations of this command include the following: 


show demand 

show demand interface demand <interface> 
show demand resource pool 

show demand resource pool <name> 

show demand sessions 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





interface demand <interface> Optional. Displays information for a specific demand routing interface. 
Valid range is 1 to 1024. Type show demand interface ? for a list of valid 


interfaces. 

resource pool Optional. Displays all resource pool information. 

<name> Optional. Displays resource pool information for a specific resource pool 
name. 

sessions Optional. Displays active demand sessions. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is example output from the show demand interface command: 


>enable 
#show demand int 1 
Demand 1 is UP (connected) 
Configuration: 
Keep-alive is set (10 sec.) 
Admin MTU = 1500 
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Mode: Either, 1 dial entries, idleTime = 120, fastldle = 20 
Resource pool demand 
No authentication configured 
IP address 10.100.0.2 255.255.255.0 
Connect Sequence: Successes = 0, Failures = 0 
Seq DialString Technology Successes Busys NoAnswers NoAuths  InUse 
5 5552222 ISDN 0 0 0 0 
Current values: 
Local IP address 10.100.0.2, Peer IP address 10.100.0.1 
Seconds until disconnect: 63 
Queueing method: weighted fair 
Output queue: 0/1/428/64/0 (size/highest/max total/threshold/drops) 
Conversations 0/1/256 (active/max active/max total) 
Available Bandwidth 48 kilobits/sec 
Bandwidth=64 Kbps 
Link through bri 1/3, Uptime 0:01:10 
IN: Octets 588, Frames 19, Errors 0 
OUT: Octets 498, Frames 18, Errors 0 
Last callerID 2565552222, last called num 5552222 


The following is example output from the show demand interface demand command: 


>enable 

#show demand interface demand 1 
demand 1 

Idle timer (120 secs), Fast idle timer (20 secs) 


Dialer state is data link layer up 
Dial reason: answered 


Interface bound to resource bri 1/3 
Time until disconnect 105 secs 
Current call connected 00:00:27 
Connected to 2565552222 


Number of active calls = 1 
Interesting Traffic = list junk 


Connect Sequence: Successes = 0, Failures = 0 
Seq __ DialString Technology Successes Busys NoAnswers NoAuths  InUse 
5 5552222 ISDN 0 0 0 0 
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The following is example output from the show demand resource pool command: 


>enable 
#show demand resource pool 
Pool demand 
Resources: bri 1/8, bri 2/3 


Demand Interfaces: demand 1 


The following is example output from the show demand sessions command: 


>enable 

#show demand sessions 
Session 1 

Interface demand 1 

Local IP address = 10.100.0.2 
Remote IP address = 10.100.0.1 
Remote Username = 

Dial reason: ip (S=, d=) 

Link 1 

Dialed number = 5552222 
Resource interface = bri 1/3, Multilink not negotiated 
Connect time: 0:0:13 

Idle Timer: 119 
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show dial-backup interfaces 


Use the show dial-backup interfaces command to display all configured dial-backup interfaces and the 
associated parameters for each. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include PPP dial backup. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example enters the Enable mode and uses the show command to display dial-backup 
interface information: 


>enable 

#show dial-backup interfaces 
Dial-backup interfaces... 

fr 1.16 backup interface: 
Backup state: idle 

Backup protocol: PPP 

Call mode: originate 
Auto-backup: enabled 
Auto-restore: enabled 
Priority: 50 

Backup delay: 10 seconds 
Restore delay: 10 seconds 
Connect timeout: 60 seconds 
Redial retries: unlimited 
Redial delay: 10 seconds 
etc. 
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show dialin interfaces 


Use the show dialin interfaces command to display information regarding remote console dialin. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 4.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from the show dialin interfaces command: 


>enable 

#show dialin interfaces 

Dialin interfaces... 

modem 1/3 dialin interface: 

Connection Status: Connected 

Caller ID info: name-John Smith number-5551 212 time-14:23:10 2/17/2003 
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show dot11 access-point 


Use the show dot11 access-point command to display information about wireless access points (APs) for 
the wireless access controllers (ACs) in the network. Variations of this command include the following: 


show dot11 access-point 

show dot11 access-point detail 

show dot11 access-point mac-address <mac address> 
show dot11 access-point mac-address <mac address> detail 
show dot11 access-point managed 

show dot11 access-point managed detail 

show dot11 access-point managed realtime 

show dot11 access-point name <name> 

show dot11 access-point name <name> detail 
show dot11 access-point realtime 

show dot11 access-point status available 

show dot11 access-point status available detail 
show dot11 access-point status download 

show dot11 access-point status download detail 
show dot11 access-point status init 

show dot11 access-point status init detail 

show dot11 access-point status no_session 

show dot11 access-point status no_session detail 
show dot11 access-point status ready 

show dot11 access-point status ready detail 
show dot11 access-point status recovery 

show dot11 access-point status recovery detail 
show dot11 access-point status running 

show dot11 access-point status running detail 
show dot11 access-point status session 

show dot11 access-point status session detail 
show dot11 access-point unmanaged 

show dot11 access-point unmanaged detail 

show dot11 access-point unmanaged realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 
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Syntax Description 





mac-address <mac address> Optional. Displays a particular AP by MAC address. MAC addresses should 
be expressed in the following format xx:xx:xx:xx:xx:xx (for example, 
00:A0:C8:00:00:01). 


managed Optional. Displays a list of APs managed by this AC. 
name <name> Optional. Displays a particular AP by name. 
status Optional. Displays APs at a certain status. (Refer to the options below.) 
available Optional. Displays APs at available session state. 
download Optional. Displays APs at download state. 
init Optional. Displays APs at init state. 
no_session Optional. Displays APs at no session state. 
ready Optional. Displays APs at ready state. 
recovery Optional. Displays APs at recovery state. 
running Optional. Displays APs at running state. 
session Optional. Displays APs at session state. 
unmanaged Optional. Displays a list of APs not managed by this AC. 
detail Optional. Displays a detailed list of all discovered APs. 
realtime Optional. Displays full-screen output in real time. Refer to the Functional 


Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 15.1 Command was introduced. 
Release 16.1 Command was expanded to include available session state. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following is sample output from the show dot11 access-point command: 


>enable 
#show dot11 access-point 
Wireless Access Points: 


Name MAC-Address AP Status 


ADTN1DF857 00:A0:C8:1D:F8:57 Session 


Cfg’d 


Control Status 


Ctl_by_This AC 
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show dot11 clients 


Use the show dot11 clients command to display stations associated with all wireless access points (APs). 
Variations of this command include the following: 


show dot11 clients interface dot11ap <ap interface> 
show dot11 clients mac-address <mac address> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





interface doti1ap Displays stations associated with APs by interface. 

<ap interface> Specifies AP interface number. Range is 1 to 8. 

mac-address Displays stations associated with APs by MAC address. 

<mac address> Specifies a valid client 48-bit MAC address. MAC addresses should be 


expressed in the following format xx:xx:Xx:xx:xx:xx (for example, 
00:A0:C8:00:00:01). 


Default Values 





No default value necessary for this command. 


Command History 





Release 15.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following command initiates a request to display a list of clients for AP interface 1. 


>enable 

#show dot11 clients interface doti1tap 1 
Wireless Access Point Clients: 

Ap Station MAC-Address 


1 00:40:96:AB:3B:5E 
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The following command initiates a request to display a list of clients for MAC address 00:40:96:ab:3b:5e: 


>enable 

#show dot11 clients mac-address 00:40:96:ab:3b:5e 
Wireless Access Point Clients: 

Ap Radio Vap Station MAC-Address 


1 1 1 00:40:96:AB:3B:5E 
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show dot11 statistics interface doti1ap 


Use the show dot11 statistics interface dot1lap command to display counters of an 802.11 radio and its 
virtual access points (VAPs). Variations of this command include the following: 


show dot11 statistics interface dot11ap <ap/radio> 
show dot11 statistics interface dot11ap <ap/radio. vap> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<ap> Specifies the wireless access point (AP). Range is 1 to 8. 
</tadio> Specifies the radio associated with the AP. Range is 1 to 2. 
<.vap> Specifies the VAP associated with the radio. Range is 1 to 8. 





The radio must be specified in the format <ap/radio>. For example, 2/1 indicates radio 1 
‘one on access point 2. The virtual access point must be specified in the format <ap/radio.vap>. 
For example, 2/1.1 indicates virtual access point I on radio I on access point 2. 





Default Values 





No default value necessary for this command. 


Command History 





Release 15.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is an example output for the radio 1 on AP interface 1 using the show dot11 statistics 
interface dot11ap command: 


>enable 

#show dot11 statistics interface dot11ap 1/1 
Authentication Count: 17 

Deauthentication Count: 48 

Association Count: 18 

Disassociation Count: 12 

Reassociation Count: 0 

Wireless MSDU Rx Packets: 346 

Wireless Data Rx Packets: 7221 

Wireless Multicast Rx Packets: 308 
Wireless Management Rx Packets: 675805 
Wireless Control Rx Packets: 0 

Wireless MSDU Tx Packets: 237259 
Wireless Data Tx Packets: 236856 
Wireless Multicast Tx Packets: 236812 
Wireless Management Tx Packets: 599 
Wireless Control Tx Packets: 0 
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show dynamic-dns 


Use the show dynamic-dns command to show information related to the dynamic domain naming system 
(DNS) configuration. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 


‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from this command: 


>enable 

#show dynamic-dns 

eth 0/1: 

Hostname: host 

Is Updated: no 

Last Registered IP: 10.15.221.33 

Last Update Time: 00:00:00 UTC Thu Jan 01 1970 
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show event-history 


Use the show event-history command to display all entries in the current local event-history log. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The event history provides useful information regarding the status of the system and individual port states. 
Use the event history as a troubleshooting tool when identifying system issues. The following is a sample 
event-history log. 


>enable 

#show event-history 

Using 526 bytes 

2002.07.12 15:34:01 T1.t1 1/1 Yellow 

2002.07.12 15:34:01 INTERFACE_STATUS.t1 1/1 changed state to down. 
2002.07.12 15:34:02 T1.t1 1/1 No Alarms 

2002.07.12 15:34:02 INTERFACE_STATUS.t1 1/1 changed state to up. 
2002.07.12 15:34:03 INTERFACE_STATUS.eth 0/1 changed state to up. 
2002.07.12 15:34:10 OPERATING_SYSTEM Warm Start 

2002.07.12 15:34:12 PPP.NEGOTIATION LCP up 

2002.07.12 15:34:12 PPP.NEGOTIATION IPCP up 
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show fan-tach 


Use the show fan-tach command to view the unit’s current fan speed. 








Syntax Description 


The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows the current fan speed: 


>enable 

#show fan-tach 

Fan Tach(inrpm) Current Min Max 
Processor 8160 8100 17804 
Chassis 1 3060 3060 31380 
Chassis 2 3120 3060 31560 


Avg 
8544 
4237 
4277 
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show file 


Use the show file command to display a specified file (located in either CompactFlash® or flash memory) 
to the terminal screen. Variations of this command include: 


show file <filename> 

show file <filename> checksum 

show file cflash <filename> 

show file cflash <filename> checksum 
show file flash <filename> 

show file flash <filename> checksum 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








To display files located in the flash memory on products with CompactFlash capability, the 
‘ore flash keyword must be specified whether or not a CompactFlash card is installed. 








Syntax Description 





<filename> Displays information on the specified file. Wildcard entries (Such as *.biz) 
are not valid for the show file command. 

cflash Specifies a file located in CompactFlash memory. 

flash Specifies a file located in flash memory. 

checksum Optional. Displays the message digest 5 (MD5) checksum of the specified 
file. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command introduced. 
Release 12.1 Command expanded to include the cflash option. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample show file cflash output: 


>enable 

#show file cflash startup-config 
Router#show file startup-config 
Using 2558 bytes 

| 

| 

hostname “Router” 

enable password password 

| 

clock timezone -6-Central-Time 
| 

ip subnet-zero 

ip classless 

ip routing 

| 

no auto-config 

| 

event-history on 

no logging forwarding 

no logging email 

logging email priority-level info 

| 

no service password-encryption 
| 

username “admin” password “password” 
| 

--MORE 
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show flash 


Use the show flash command to display a list of all files currently stored in flash memory. Variations of 
this command include: 


show flash 
show flash <filename> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<filename> Optional. Displays details for a specified file located in flash memory. Enter 
a wildcard (such as *.biz) to display the details for all files matching the 
entered pattern. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample show flash output: 


>enable 
#show flash 
Files: 
245669 010100boot.biz 
1141553 new.biz 
821 startup-config 
1638 startup-config.old 
1175679 020016.biz 
821 startup-config.bak 
2572304 bytes used 4129776 available 6702080 total 
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show frame-relay fragment 


Use the show frame-relay fragment command to display detailed fragmentation statistics for Frame 
Relay subinterfaces with FRF.12 fragmentation enabled. Variations of this command include: 


show frame-relay fragment 
show frame-relay fragment interface frame-relay <subinterface> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





interface frame-relay <subinterface> Optional. Displays detailed fragmentation statistics for the specified 
Frame Relay subinterface. Subinterfaces are expressed in the 
format interface id.subinterface id (for example, fr 1.16). 


Default Values 





No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, 
include. 


Usage Examples 





The following are sample outputs from various show frame-relay fragment commands: 


>enable 

#show frame-relay fragment 

interface — dici frag_size rx_frag tx_frag dropped _frag 
fr 1.1 17 100 46 48 0 

fr 1.2 18 200 42 21 0 
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>enable 


#show frame-relay fragment frame-relay 1.1 


DLC] = 17 FRAGMENT SIZE = 100 


rx frag. pkts 46 
rx frag. bytes 4598 
rx non-frag. pkts 18 
rx non-frag. bytes 1228 
rx assembled pkts 23 
rx assembled bytes 5478 
dropped reassembling pkts 0 
rx out-of-sequence fragments 0 


rx unexpected beginning fragment 0 


tx frag. pkts 

tx frag. bytes 

tx non-frag. pkts 

tx non-frag. bytes 

tx pre-fragment pkts 

tx pre-fragment bytes 
dropped fragmenting pkts 
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show frame-relay 


Use the show frame-relay command to display configuration and status parameters for configured virtual 
Frame Relay interfaces. Variations of this command include the following: 


show frame-relay Imi 

show frame-relay pvc 

show frame-relay pvc interface frame-relay <interface> 

show frame-relay pvc interface frame-relay <interface> realtime 
show frame-relay pvc realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘nore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 





Imi Displays link management interface (LMI) statistics for each virtual Frame 
Relay interface. 

pvc Displays permanent virtual circuit (PVC) configuration and statistics for all 
virtual Frame Relay interfaces (or a specified interface). 

interface frame-relay Displays Frame Relay PVC statistics for a specific Frame Relay interface. 

<interface> Specifies the virtual Frame Relay interface (for example, fr 1). 

realtime Optional. Displays full-screen output in real time. Refer to the Functional 


Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 10.1 Realtime option was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following are sample outputs from various show frame-relay commands: 


>enable 

#show frame-relay Imi 

LMI statistics for interface FR 1 LMI TYPE = ANSI 

Num Status Enq. Sent 79 Num Status Msgs Revd 71 
Num Update Status Revd 12 Num Status Timeouts 5 


>enable 
#show frame-relay pvc 
Frame Relay Virtual Circuit Statistics for interface FR 1 
Active Inactive Deleted Static 
local 2 0 0 2 
DLCI = 16 DLCI USAGE = LOCAL PVC STATUS = ACTIVE INTERFACE = FR 1.16 
MTU: 1500 


input pkts: 355 output pkts: 529 in bytes: 23013 
out bytes: 115399 dropped pkts: 13 in FECN pkts: 0 
in BECN pkts: 0 in DE pkts: 0 out DE pkts: 0 


pvc create time: 00:00:00:12 last time pvc status changed: 00:00:13:18 
DLCI = 20 DLC! USAGE = LOCAL PVC STATUS = ACTIVE INTERFACE = FR 1.20 
MTU: 1500 


input pkts: 0 output pkts: 44 in bytes: 0 
out bytes: 22384 dropped pkts: 11 in FECN pkts: 0 
in BECN pkts: 0 in DE pkts: 0 out DE pkts: 0 


pvc create time: 00:00:01:25 last time pvc status changed: 00:00:13:18 
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show frame-relay multilink 


Use the show frame-relay multilink command to display information associated with the Frame Relay 
multilink interface. Variations of this command include: 


show frame-relay multilink 

show frame-relay multilink detailed 

show frame-relay multilink <interface> 

show frame-relay multilink <interface> detailed 

show frame-relay multilink interface frame-relay <subinterface> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<interface> Optional. Specifies the display of information for a specific 
interface. Enter the show frame-relay multilink ? command for 
a complete list of interfaces. 

detailed Optional. Displays more detailed information. 


interface frame-relay <subinterface> Optional. Displays detailed fragmentation statistics for the 
specified Frame Relay subinterface. subinterfaces are expressed 
in the format interface id.subinterface id (for example, fr 1.16). 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, 
include. 


Usage Examples 





The following is a sample output from this command: 


>enable 

#show frame-relay multilink 

Bundle: frame-relay 1 is DOWN; class A bundle 
Near-end BID: MFR1; Far-end BID: unknown 
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show garp timer 


Use the show garp timer command to display the current configured Generic Attribute Registration 
Protocol (GARP) application timer values. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays the current configured GARP application timer values: 


>enable 

#show garp timer 

Timer Timer Value (milliseconds) 
Join 200 

Leave 600 

LeaveAll 10000 
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show gvrp configuration 


Use the show gvrp configuration command to show a GARP VLAN Registration Protocol (GVRP) 
configuration summary for the switch. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays a GVRP configuration summary for the switch: 


>enable 

#show gvrp configuration 

Global GVRP Configuration: 

GVRP Feature is currently enabled globally. 
GVRP Timers (milliseconds) 

Join 200 

Leave 600 

LeaveAll 20000 

Port based GVRP Configuration: 

GVRP enabled ports 


eth 0/24 


# 
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show gvrp statistics 


Use the show gvrp statistics command to show statistics related to GARP VLAN Registration Protocol 
(GVRP). Variations of this command include: 


show gvrp statistics 
show gvrp statistics interface <interface> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ome excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





interface <interface> Optional. Shows the information for the specified interface. Specify an 
interface in the format </nterface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
show gvrp statistics interface ? for a complete list of applicable 
interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays statistics related to GVRP for Ethernet interface 0/24: 


>enable 

#show gvrp Statistics interface ethernet 0/24 
Name: eth 0/24 

Join Empty Received: 0 

Join In Received: 272 

Empty Received: 30 

Leave Empty Received: 0 

Leave In Received: 0 

etc. 
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show hosts 


Use the show hosts command to display information, such as the domain name, name lookup service, a list 
of name server hosts, and the cached list of host names and addresses on the network to which you can 
connect. Variations of this command include: 


show hosts 

show hosts verbose 

show hosts vrf <name> 

show hosts vrf <name> verbose 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 


verbose Optional. Enables detailed messaging. 
vrf <name> Optional. Displays information only for the specified VRF. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





The list below describes the fields contained in the host table: 


« Flags: Indicate whether the entry is permanent (perm) or temporary (temp). 
« Age: Indicates the age of the entry. 

* Type: Shows the protocol type as addresses (A) or service (SRV). 

¢ Priority: 1 or 2. 

¢ Address: Displays the IP address for the entry. 
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VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example is sample output from the show hosts command: 


>enable 

#show hosts 

Name/address lookup uses domain name service 
DNS Proxy is enabled 

Default domain is DOMAIN.NET 

Name servers are 10.100.43.254 


Host Flags Age Type Priority | Address/Alias 

net-srv3.adtran.com temp 172798 A - 172.22.48.13 
srv-dhcp1.adtran.com temp 172798 A - 172.22.48.47 
srv-dhcp2.adtran.com temp 172798 A - 172.22.48.48 
www.adtran.com temp 172798 A - 172.23.100.11 
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show interfaces 


Use the show interfaces command to display configuration parameters and current statistics for all switch 
port interfaces (or a specified switch port interface). These commands are valid only on switch ports. 
Variations of this command include the following: 


show interfaces description 

show interfaces status 

show interfaces <interface> switchport 
show interfaces <interface> switchport vlans 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





description Displays information, such as description, administrative status, line 
protocol status, and description for all the interfaces. 


status Displays information, such as description, type, status, VLAN, speed, and 
duplex for all the Ethernet interfaces only. 


switchport Displays information, such as description, administrative status, line 
protocol status, and description for all the switch ports. 

<interface> Optional. Specifies a switch port interface in the format <interface type 
[slot/port | slot/port.subinterface id | interface id | interface id.subinterface 
id]>. For example, for a T1 interface, use t1 0/1; for an Ethernet 
subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; and for an ATM 
subinterface, use atm 1.1. Type show switchport ? for a complete list of 
valid interfaces. 


vilans Optional. Displays the VLAN membership information for a specific switch 
port or series of switch ports. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 

Release 6.1 Command expanded to include the switchport option. 

Release 10.1 Command was expanded to include the vians option. 

Release 11.1 Description and status options were introduced. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is sample output from the show interfaces description command: 


>enable 


#show interfaces description 


Interface 
eth 0/1 
eth 0/2 
eth 0/3 
eth 0/4 
eth 0/5 
eth 0/6 
eth 0/7 
eth 0/8 
eth 0/9 
eth 0/10 
eth 0/11 
eth 0/12 
eth 0/13 
eth 0/14 
eth 0/15 
eth 0/16 
eth 0/17 
eth 0/18 
eth 0/19 
eth 0/20 
eth 0/21 
eth 0/22 
eth 0/23 
eth 0/24 
giga-eth 0/1 
giga-eth 0/2 


Status 

Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 
Admin Up 


Protocol 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Down 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Up 
Line Down 


Description 
Desk 1 
Desk 2 
Desk 3 
Desk 4 
Desk 5 
Desk 6 
Desk 7 
Desk 8 
Desk 9 
Desk 10 
Desk 11 
Desk 12 
Desk 13 
Desk 14 
Desk 15 
Desk 16 
Desk 17 
Desk 18 
Desk 19 
Desk 20 
Desk 21 
Desk 22 
Desk 23 
Desk 24 
Uplink Trunk 
Unused 
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The following is sample output from the show interfaces switchport command: 


>enable 

#show interfaces switchport 
Name: eth 0/1 

Switchport: enabled 
Administrative mode: access 
Negotiation of Trunking: access 
Access mode VLAN: 1 
Trunking Native mode VLAN: 1 
Trunking VLAN Enabled: 1-4094 
Name: eth 0/2 

Switchport: enabled 
Administrative mode: access 
Negotiation of Trunking: access 
Access mode VLAN: 12..... 





60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 


342 


Command Reference Guide Enable Mode Command Set 





show interfaces <interface> 


Use the show interfaces command to display configuration parameters and current statistics for all 
interfaces (or a specified interface). Variations of this command include the following: 


show interfaces <interface> 

show interfaces <interface> performance-statistics 

show interfaces <interface> performance-statistics <x-y> 

show interfaces <interface> performance-statistics total-24-hour 
show interfaces <i/nterface> realtime 

show interfaces <interface> verbose 

show interfaces <interface> version 





Wor Not all subcommands apply to all interfaces. Type show interfaces <interface> ? for a list 


of valid subcommands for the specified interface. 








The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 





<interface> Specifies an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type show interfaces ? for a complete list of valid 


interfaces. 
performance-statistics Optional. Displays all 96 stored intervals. 
<x-y> Optional. Shows a specified interval (x) or range of intervals (x-y). 
total-24-hour Optional. Displays the current 24-hour totals. 
realtime Optional. Displays full-screen output in real time. Refer to the Functional 


Notes below for more information. 


verbose Optional. Displays detailed configuration information on the terminal screen 
(versus only the nondefault values). 
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version Optional. Displays current version information (e.g., model and list number, 
software version, etc.) for the interface. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 

Release 6.1 Command was updated to include performance-statistics 
option. 

Release 9.1 Command was expanded to include HDLC and tunnel interfaces. 

Release 10.1 The realtime option and PRI interface were added. 

Release 11.1 Description, status, and verbose options were introduced. The 
demand, FXO, and serial interfaces were added. 

Release 17.1 Command was expanded to include modifiers begin, exclude, 
include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following are samples from various show interfaces commands: 


>enable 
#show interfaces t1 1/1 
t1 1/1 is UP 
T1 coding is B8ZS framing is ESF 
Clock source is line FDL type is ANSI 
Line build-out is OdB 
No remote loopbacks No network loopbacks 
DSO Status: 123456789012345678901234 
NNNNNNNNNNNNNNNNNNNNNNNN 
Line Status: -- No Alarms -- 
Current Performance Statistics: 
0 Errored Seconds 0 Bursty Errored Seconds 
0 Severely Errored Seconds 0 Severely Errored Frame Seconds 
0 Unavailable Seconds 0 Path Code Violations 
0 Line Code Violations 0 Controlled Slip Seconds 
0 Line Errored Seconds 0 Degraded Minutes 
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#show interfaces modem 1/2 
modem 1/2 is UP 
Line status: on-hook 
Caller ID will be used to route incoming calls 
0 packets input 0 bytes 0 no buffer 
0 runts 0 giants 0 throttles 
0 input errors 0 CRC 0 frame 
0 abort 0 ignored 0 overruns 
0 packets output 0 bytes 0 underruns 
0 input clock glitches 0 output clock glitches 
0 carrier lost 0 cts lost 


#show interfaces eth 0/1 

Ip address is 10.200.1.50 
Netmask is 255.255.0.0 

MTU is 1500 

Fastcaching is Enabled 

RIP Authentication is Disabled 
RIP Tx uses global version value 
RIP Rx uses global version value 


#show interfaces dds 1/1 
dds 1/1 is UP line protocol is UP 
Encapsulation FRAME-RELAY (fr 1) 
Loop rate is set to 56000 actual rate is 56000 
Clock source is line 
Data scrambling is disabled 
No Loopbacks 
75 packets input 6108 bytes 0 no buffer 
0 runts 0 giants 0 throttles 
0 input errors 0 CRC 0 frame 
0 abort 0 ignored 0 overruns 
81 packets output 11496 bytes 0 underruns 
0 input clock glitches 0 output clock glitches 
0 carrier lost 0 cts lost 


#show interfaces fr 1 
TDM group 10 line protocol is UP 
Encapsulation FRAME-RELAY (fr 1) 
463 packets input 25488 bytes 0 no buffer 
0 runts 0 giants 0 throttles 
0 input errors 0 CRC 0 frame 
0 abort 0 ignored 0 overruns 
864 packets output 239993 bytes 0 underruns 
0 input clock glitches 0 output clock glitches 
0 carrier lost 0 cts lost 
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Line Status: -- No Alarms -- 
Current Performance Statistics: 
0 Errored Seconds 0 Bursty Errored Seconds 
0 Severely Errored Seconds 0 Severely Errored Frame Seconds 
0 Unavailable Seconds 0 Path Code Violations 
0 Line Code Violations 0 Controlled Slip Seconds 
0 Line Errored Seconds 0 Degraded Minutes 


#show interfaces fr 1.100 

fr 1.100 is Active 

Ip address is 63.97.45.57, mask is 255.255.255.248 
Interface-dici is 100 

MTU is 1500 bytes, BW is 96000 Kbit (limited) 
Average utilization is 53% 


#show interfaces shdsl 1/1 
shdsl 1/1 is UP, line protocol is DOWN 
Encapsulation FRAME-RELAY IETF (fr 1) 
Equipment type is cpe 
Line rate is 2056kbps 
No alarms. 
SHDSL training complete. EOC is up. 
No local loopbacks, No remote loopbacks 
SNR margin is 18dB currently, 15dB minimum, 30dB maximum 
Loop attenuation is 1dB currently, 1dB minimum, 1dB maximum 
Current 15-minute performance statistics (115 seconds elapsed): 
0 code violations, 0 loss of sync word seconds 
0 errored seconds, 0 severely errored seconds 
0 unavailable seconds 
Packet Statistics: 
0 packets input, 0 bytes, 0 no buffer 
0 runts, 0 giants, 0 throttles 
0 input errors, 0 CRC, 0 frame 
0 abort, 0 ignored, 0 overruns 
32 packets output, 0 bytes, 0 underruns 
0 input clock glitches, 0 output clock glitches 


If the user has configured a Bc and Be value on the virtual circuit, the bandwidth (BW) 
displayed is the sum of those values (Bc + Be). If not, the value for BW is the speed of the 
‘ore interface. The Average utilization displayed is the average utilization of the displayed 


bandwidth. If the bandwidth number is the Bc + Be value, the (limited) text appears (as 
shown above). 
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show interfaces adsl <s/ot/port> 


Use the show interfaces adsl command to display information related to the ADSL port. Variations of this 
command include: 


show interfaces adsl <s/ot/port> 

show interfaces adsl <s/ot/port> information 

show interfaces adsl <s/ot/port> information atuc 

show interfaces adsl <s/ot/port> information atur 

show interfaces adsl <s/ot/port> information bit-allocation 

show interfaces adsl <s/ot/port> performance-statistics 

show interfaces adsl <s/ot/port> performance-statistics <x-y> 

show interfaces adsl <s/ot/port> performance-statistics total-24-hour 

show interfaces adsl <s/ot/port> performance-statistics total-previous-24-hour 
show interfaces adsl <s/ot/port> version 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 


<slot/port> Specifies ADSL interface slot and port number. 
information Optional. Displays all ADSL interface information. 
atuc Optional. Displays only ADSL remote information. 
atur Optional. Displays only ADSL local information. 
bit-allocation Optional. Displays only ADSL DMT bit-allocation table. 
performance-statistics Optional. Displays all 96 stored intervals. 
<Xx-y> Optional. Displays only a specified interval (x) or range of intervals (x-y). 
total-24-hour Optional. Displays only the current 24-hour totals. 


total-previous-24-hour Optional. Displays only the previous 24-hour totals. 


version Optional. Displays current version information (e.g., model and list number, 
software version, etc.) for the interface. 


Default Values 





No default is necessary for this command. 
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Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, 
include. 


Usage Examples 





The following example shows sample output for this command: 


>enable 

#show interfaces adsl 1/1 information 
adsl 1/1 line information 

adsl 1/1 Local Line Information 





Vendor Id: 00000000 
Serial Number: 00000000 
Firmware Version: 
ADSL Capabilities GDMT, G.LITE, ADSL2, ADSL2+ 
adsl 0/1 Remote Line Information 
Vendor Id: 00000000 
Serial Number: 00000000 
Firmware Version: 0 
ADSL Capabilities GDMT, G.LITE, ADSL2, ADSL2+ 
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show interfaces cellular 


Use the show interfaces cellular command to display configuration parameters and current statistics for a 
cellular interface. Variations of this command include the following: 


show interfaces cellular <s/ot/port> 

show interfaces cellular <s/oi/port>hardware 
show interfaces cellular <s/ot/port> profile 
show interfaces cellular <s/ot/port> realtime 
show interfaces cellular <s/ot/port> version 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





hardware Optional. Specifies cellular hardware information is displayed. 
profile Optional. Specifies cellular profile information is displayed. 
realtime Optional. Specifies display output is shown in realtime. 
version Optional. Specifies cellular version information is displayed. 


Default Values 





No default values are associated with this command. 


Command History 


Release 17.2 Command was introduced. 


Usage Examples 





The following example displays cellular hardware information for cellular interface 1/1: 


>enable 

#show interfaces cellular 1/1 hardware 
Electronic Serial Number (ESN) : 0x12345678 
Preferred Roaming List (PRL) Version : 12345 
Mobile Directory Number (MDN) : 0123456789 
Mobile Station ID (MSID) : 0123456789 
System ID (SID) : 1234 

Network ID (NID) : 12 
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show interfaces dot11ap 


Use the show interfaces dotllap command to display information related to an wireless access point 
(AP), radio, or virtual access point (VAP) interface. Variations of this command include: 


show interfaces dot11ap [<ap> | <ap/radio> | <ap/radio. vap>] 
show interfaces dot11ap <ap> control-protocol 
show interfaces dot11ap [<ap/radio> | <ap/radio.vap>] dot11 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<ap> Specifies the AP. Range is 1 to 8. 

</tadio> Specifies the radio associated with the AP. Range is 1 to 2. 
<.vap> Specifies the VAP associated with the radio. Range is 1 to 8. 
control-protocol Optional. Displays properties of the control protocol for the AP. 
dot11 Optional. Displays counters of an 802.11 radio’s VAPs. 





The radio must be specified in the format <ap/radio> (for example, 2/1 indicates radio I 
on access point 2). The virtual access point must be specified in the format 
<ap/radio.vap> (for example, 2/1.1 indicates virtual access point I on radio I on access 
point 2). 





Default Values 





No default is necessary for this command. 


Command History 





Release 15.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, 
include. 
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Usage Examples 





The following example shows sample output for the AP interface 1 using the show interfaces dot11ap 
command: 


>enable 

#show interfaces doti1ap 1 

Doti1 AP 1 line protocol is UP 

Controller Status: Local AC in control 

Ap Version: FW: 1.0 0.4, DRVR: 1.0 0.0, HW: 1.0 0.0 

Ap S/N: LBADTN0625XC975 

AP MAC address: 00:A0:C8:1D:F8:57 

Radio1 - 802.11bg - Enabled, channel 0, address: 00:A0:C8:1D:F8:59 
Radio2 - 802.11a - Disabled, channel 0, address: 00:A0:C8:1D:F8:58 
Bootup Status: Normal 

Ap Status: With Session 

Controlling AC: 00:A0:C8:20:E7:D6 

802.1Q Encapsulation - Disabled 

Auto 100Mbps, Full Duplex 


Ethernet Statistics: 
Ethernet Rx Packets: 291476 
Ethernet Rx Bytes: 20908434 
Ethernet Tx Packets: 67346 
Ethernet Tx Bytes: 10606783 


The following example shows sample output for the AP interface 1 using the show interfaces dot11ap 
<ap> control-protocol command: 


>enable 

#show interfaces dot11ap 1 control-protocol 

AP State: Running with session 

Control State: Controlled by this AC 
Control Protocol Transmit Bytes: 4080386 
Control Protocol Receive Bytes: 9435172 
Control Protocol Transmit Packets: 52203 
Control Protocol Receive Packets: 65931 
Control Protocol Receive Keepalives: 14914 
Control Protocol Receive Security Errors: 0 
Control Protocol Dropped Packets: 0 
Control Protocol Protocol Errors: 0 
Control Protocol Protocol No Responses: 0 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 351 


Command Reference Guide Enable Mode Command Set 





The following example shows sample output for the radio interface 1 on AP interface 1 using the show 
interfaces doti1ap <ap/radio> dot11 command: 


>enable 

#show interfaces dot11ap 1/1 dot11 
Authentication Count: 17 
Deauthentication Count: 48 
Association Count: 18 

Disassociation Count: 12 
Reassociation Count: 0 

Wireless MSDU Rx Packets: 346 
Wireless Data Rx Packets: 7221 
Wireless Multicast Rx Packets: 308 
Wireless Management Rx Packets: 667521 
Wireless Control Rx Packets: 0 
Wireless MSDU Tx Packets: 236613 
Wireless Data Tx Packets: 236210 
Wireless Multicast Tx Packets: 236166 
Wireless Management Tx Packets: 599 
Wireless Control Tx Packets: 0 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 352 


Command Reference Guide Enable Mode Command Set 





show ip access-lists 


Use the show ip access-lists command to display all configured IP access control lists (ACLs) in the 
system. Variations of this command include: 


show ip access-lists 
show ip access-lists <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Optional. Specifies a particular ACL to display. 


Default Values 





No default value necessary for this command. 


Command History 


Release 2.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





The show ip access-lists command displays all configured IP access control lists in the system. All 
entries in the access control list are displayed, and a counter indicating the number of packets matching 
the entry is listed. 


Usage Examples 





The following is a sample output from the show ip access-lists command: 


>enable 
#show ip access-lists 
Standard IP access list MatchAll 
permit host 10.3.50.6 (0 matches) 
permit 10.200.5.0 wildcard bits 0.0.0.255 (0 matches) 
Extended IP access list UnTrusted 
deny icmp 10.5.60.0 wildcard bits 0.0.0.255 any source-quench (0 matches) 
deny tcp any any (0 matches) 
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show ip arp 


Use the show ip arp command to display the Address Resolution Protocol (ARP) table. Variations of this 
command include: 


show ip arp 

show ip arp realtime 

show ip arp vrf <name> 

show ip arp vrf <name> realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 


Wo Using the realtime argument for this command can adversely affect the performance or 
your unit. 








Syntax Description 


realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


vrf <name> Optional. Displays information only for the specified VRF. 


Default Values 





No default value necessary for this command. 


Command History 





Release 2.1 Command was introduced. 

Release 10.1 The real time display option was introduced. 

Release 16.1 Command was expanded to include the VRF parameter. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following is a sample output of the show ip arp command: 


>enable 

#show ip arp 

ADDRESS TTL(min) MAC ADDRESS INTERFACE TYPE 
10.22.18.3 19 00:E0:29:6C:BA:31 eth 0/1 Dynamic 
192.168.20.2 16 00:A0:C8:0D:E9:AD_ eth 0/2 Dynamic 
224.0.0.5 20 01:00:5E:00:00:05 eth0/2 Permanent 
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show ip as-path-list 


Use the show ip as-path-list command to display any AS path lists that have been configured in the router, 
along with any permit and deny clauses in each list. Variations of this command include: 


show ip as-path-list 
show ip as-path-list <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Optional. Specifies that the command display only the list matching the 
specified AS path listname. If not specified, all AS path lists are displayed. 


Default Values 





By default, this command displays all AS path lists. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





In the following example, all AS path lists defined in the router are displayed. 


>enable 

#show ip as-path-list 

ip as-path-list AsPathList1: 
permit 100 

permit 200 

permit 300 

deny 6500 

ip as-path-list AsPathList2: 
permit 400 

permit 500 
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In the following example, only the AS Path List with the name AsPathList2 is displayed. 


>enable 

#show ip as-path-list AsPathList2 
ip as-path-list AsPathList2: 

permit 400 

permit 500 
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show ip bgp 


Use the show ip bgp command to display details about the specified route, including the advertising router 
IP address, router ID, and the list of neighbors to which this route is being advertised. Variations of this 
command include: 


show ip bgp 

show ip bgp <ip address> 

show ip bgp <ip address> <subnet mask> 
show ip bgp summary 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<ijp address> Optional. Specifies a valid IP address. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 


<subnet mask> Optional. Specifies the subnet mask that corresponds to a range of IP 
addresses (network) or a specific host. Subnet masks can be expressed in 
dotted decimal notation (for example, 255.255.255.0) or as a prefix length 
(for example, /24). 


summary Optional. Displays a summary of the BGP route table. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following example shows detailed output of this command: 


>enable 
#show ip bgp 10.15.240.0/28 
BGP routing table entry for 10.15.240.0/28 
Paths: (1 available, best #1) 
Advertised to peers: 
1.1.5.10 
100 1 
10.15.43.17 from 10.15.43.17 (8.1.1.1) 
Origin IGP, metric 2, valid, external, best 


The following sample output of the show ip bgp summary command shows a summarized list of the 
configured BGP neighbors, as well as their status and statistics. 


>enable 

#show ip bgp summary 

BGP router identifier 192.168.3.1, local AS number 304 

8 network entries, 5 paths, and 23 BGP path attribute entries 


Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down _ State/PfxRcd 
10.22.131.1 4 302 95 104 0 0 01:30:06 9 
10.22131.9 4 302 97 105 0 0 01:30:07 21 
10.22.1329 4 303 200 179 0 0 02:43:09 21 
10.22.134.1 4 304 166 178 0 0 02:43:15 3 
10.22.134.10 4 304 174 179 0 0 02:43:24 7 
10.22.134.26 4 304 172 174 0 0 02:41:43 10 
10.22.134.34 4 304 164 174 0 0 02:41:40 4 
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show ip bgp community 


Use the show ip bgp community command to display only those routes learned via Border Gateway 
Protocol (BGP) that match the community numbers specified in the command. If no communities are 
specified, all BGP routes are shown. Variations of this command include: 


show ip bgp community 

show ip bgp community <number> 

show ip bgp community <number> exact 
show ip bgp community internet 

show ip bgp community internet exact 
show ip bgp community local-as 

show ip bgp community local-as exact 
show ip bgp community no-advertise 
show ip bgp community no-advertise exact 
show ip bgp community no-export 
show ip bgp community no-export exact 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





<number> Optional. Displays routes that contain this value in their community 
attribute. This is a numeric value that can be an integer from 1 to 
4,294,967,295 or string in the form “aa:nn”, where the value of “aa” is the 
AS number and the value of “nn” is the community number. Multiple 
community-number parameters can be present in the command. 


exact Optional. Displays BGP routes with the community numbers specified and 
only those specified. 


internet Optional. Displays routes that contain this value in their community 
attribute. This represents the well-known reserved community number for 
the INTERNET community. 


local-as Optional. Displays routes that contain this value in their community 
attribute. This represents the well-known reserved community number for 
NO_EXPORT_SUBCONFED. Routes containing this attribute should not 
be advertised to external BGP peers. 

no-advertise Optional. Displays routes containing this value in the community attribute. 
This represents the well-known reserved community number for 
NO_ADVERTISE. Routes containing this attribute should not be advertised 
to any BGP peer. 
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no-export Optional. Displays routes containing this value in the community attribute. 
This represents the well-known reserved community number for 
NO_EXPORT. Routes containing this attribute should not be advertised to 
BGP peers outside a confederation boundary. 


Default Values 


By default, this command displays all BGP routes. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





In the following example, all BGP routes are displayed whose community numbers match those listed in 
the show ip bgp community command. 


>enable 

#show ip bgp community local-as 10:405 

BGP local router ID is 10.22.131.241, local AS is 302. 
Status codes: * valid, > best, i - internal, 0 - local 
Origin codes: i - IGP, e - EGP, ? - incomplete 


Network Next Hop Metric LocPrf Path 
10.22.152.20/30 10.22.131.10 304 302 300 134i 
10.22.152.24/29 10.22.131.10 304 302 3001345i 
10.22.152.36/30 10.22.131.10 304 302 300 134i 
10.22.152.52/30 10.22.131.10 304 302 300 134i 
11.0.0.0/30 10.22.131.10 304 302 30013461 
12.0.0.0/30 10.22.131.10 304 302 300 1346i 
13.0.0.0/30 10.22.131.10 304 302 3001346i 
14.0.0.0/30 10.22.131.10 304 302 300 13461 


Total RIB entries = 8 


Information displayed includes: the ID of this router and its Autonomous System (AS) number; the 
destination Network address of the route learned; the Next Hop address to that network; the Metric; the 
Local Preference (LocPrf) value (set using the set local-preference command); and the AS Path to the 
destination network. 
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The following is a sample output for the show-ip bgp community command with an exact match 
specified: BGP routes with the community numbers specified and only those specified are shown. 


>enable 

#show ip bgp community 1001 2001 3001 exact 
BGP local router ID is 192.168.9.1, local AS is 252. 
Status codes: * valid, > best, i - internal, o - local 
Origin codes: i - IGP, e - EGP, ? - incomplete 


Network NextHop Metric LocPrf Path 
*192.168.11.0/24 10.22.27.251 249 251 i 
*192.168.12.0/24 10.22.27.251 249 251 i 
*> 192.168.32.0/24 10.22.27.249 249 j 
*> 192.168.33.0/24 10.22.27.249 249 | 


Total RIB entries = 4 
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show ip bgp community-list 


Use the show ip bgp community-list command to display Border Gateway Protocol (BGP) routes that are 
permitted by the specified community list. Variations of this command include: 


show ip bgp community-list <name> 
show ip bgp community-list <name> exact 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Specifies the name of the community list whose routes you wish to display. 


exact Optional. Restricts the routes displayed to only those whose community lists 
exactly match those specified in the named community list. If this parameter 
is omitted, all routes matching any part of the specified community list will 
be displayed. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Information displayed includes the ID of this router and its Autonomous System (AS) number, the 
destination Network address of the route learned, the Next Hop address to that network, the Metric, the 
Local Preference (LocPrf) value (set using the set local-preference * command), and the AS Path to the 
destination network. 
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Usage Examples 





In the following example, all BGP routes are displayed whose community numbers match those defined in 
the community list named CList1. 


>enable 

#show ip bgp community-list CList1 

BGP local router ID is 10.22.131.241, local AS is 302. 
Status codes: * valid, > best, i - internal, o - local 
Origin codes: i - IGP, e - EGP, ? - incomplete 


Network Next Hop Metric LocPrf Path 
10.22.152.20/30 10.22.131.10 304 302 300 134i 
10.22.152.24/29 10.22.131.10 304 302 300 134 5i 
10.22.152.36/30  10.22.131.10 304 302 300 134i 
10.22.152.52/30 10.22.131.10 304 302 300 134i 
11.0.0.0/30 10.22.131.10 304 302 300 13461 
12.0.0.0/30 10.22.131.10 304 302 300 134 6i 
13.0.0.0/30 10.22.131.10 304 302 300 134 6i 
14.0.0.0/30 10.22.131.10 304 302 300 134 6i 
20.0.0.0/30 10.22.131.10 304 302 300 134 5i 
21.0.0.0/30 10.22.131.10 304 302 300 134 5i 


Total RIB entries = 10 
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show ip bgp neighbors <ip address> 


Use the show ip bgp neighbors command to display information for the specified Border Gateway 
Protocol (BGP) neighbor. Variations of this command include the following: 


show ip bgp neighbors 

show ip bgp neighbors <ip address> 

show ip bgp neighbors <ip address> advertised-routes 
show ip bgp neighbors <ip address> received-routes 
show ip bgp neighbors <ip address> routes 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<ijpp address> Optional. Displays information for the specified neighbor. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 


If no IP address is entered, information for all neighbors is displayed. 


advertised-routes Optional. Displays all routes being advertised to the specified neighbor. 
Command output is the same as for show ip bgp except filtered to only the 
BGP routes being advertised to the specified neighbor. 


received-routes Optional. Displays all routes (accepted and rejected) advertised by the 
specified neighbor. Routes may be rejected by inbound filters, such as 
prefix list filters. 


routes Optional. Displays all accepted received routes advertised by the specified 
neighbor. Routes displayed have passed inbound filtering. This command 
output is the same as show ip bgp except the output is filtered to those 
learned from the specified neighbor. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 


Entries that are not filtered by prefix lists are marked with an asterisk (*) to show they are valid. Entries that 
are deemed the best path to advertised route are marked with a caret (>). 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 365 


Command Reference Guide 


Enable Mode Command Set 





Usage Examples 





The following are output variations of the show ip bgp neighbors command: 


>enable 
#show ip bgp neighbors 
BGP neighbor is 10.15.43.17, remote AS 100, external link 
Configured hold time is 180, keepalive interval is 60 seconds 
Default minimum time between advertisement runs is 30 seconds 
Connections established 6; dropped 5 
Last reset: Interface went down 
Connection ID: 15 

BGP version 4, remote router ID 8.1.1.1 

BGP state is Established, for 01:55:05 

Negotiated hold time is 180, keepalive interval is 60 seconds 

Message statistics: 

InQ depth is 0, OutQ depth is 0 

Local host: 10.15.438.18, Local port: 179 


Sent Revd 
Opens:1 1 
Notifications: 0 0 
Updates: 0 8 
Keepalives: 116 116 
Unknown: 0 0 
Total: 117 125 


Foreign host: 10.15.43.17, foreign port: 1048 
Flags: passive open 


#show ip bgp neighbors 10.15.43.34 advertised-routes 
BGP local router ID is 10.0.0.1, local AS is 101. 

Status codes: * valid, > best, i - internal 

Origin codes: i - IGP, e - EGP, ? - incomplete 


Network NextHop Metric Path 
*> 1.0.0.0/8 10.15.43.17 1 100i 
*> 2.0.0.0/9 10.15.43.17 1 100i 


#show ip bgp neighbors 10.15.43.17 received-routes 
BGP local router ID is 10.0.0.1, local AS is 101. 

Status codes: * valid, > best, i - internal 

Origin codes: i - IGP, e - EGP, ? - incomplete 


Network NextHop Metric Path 
*> 1.0.0.0/8 10.15.43.17 1 100i 
*> 2.0.0.0/9 10.15.43.17 1 100i 
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#show ip bgp neighbors 10.15.43.17 routes 
BGP local router ID is 10.0.0.1, local AS is 101. 
Status codes: * valid, > best, i - internal 

Origin codes: i - IGP, e - EGP, ? - incomplete 


Network NextHop Metric Path 
*> 1.0.0.0/8 10.15.43.17 1 100i 
*> 2.0.0.0/9 10.15.43.17 1 100 
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show ip bgp regexp <expression> 


Use the show ip bgp regexp command to display a summary of the BGP route table that includes routes 
whose autonomous system (AS) path matches the specified expression. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<expression> Displays routes whose AS path matches the regular expression specified. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Entries that are not filtered by prefix lists are marked with an asterisk (*) to show they are valid. Entries that 
are deemed the best path to advertised route are marked with a caret (>). 


Usage Examples 





The following sample output of the show ip bgp regexp _303_ command shows all of the entries in the 
BGP database that contain “303” in the AS path. 


>enable 

#show ip bgp regexp _303_ 

BGP local router ID is 192.168.3.1, local AS is 304. 
Status codes: * valid, > best, i - internal, o - local 
Origin codes: i - IGP, e - EGP, ? - incomplete 
Network NextHop Metric LocPrf Path 
10.22.130.8/29 10.22.132.9 303 304 302 i 
*}10.22.130.240/28 0.22.132.1 100 303 300 i 

* 10.22.130.240/28 10.22.132.9 303 300 i 
10.22.131.0/29 10.22.132.9 303 304 302 i 
10.22.131.8/29 10.22.132.9 303 304 302 i 
*)10.22.131.16/29 10.22.132.1 0 100 303 i 
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* 10.22.131.16/29 10.22.132.9 0 303 i 
*110.22.131.240/28 10.22.132.1 100 303 300 i 
* 10.22.131.240/28 10.22.132.9 303 300 i 
* 10.22.132.0/29 10.22.131.1 0 302 303i 
* 10.22.132.0/29 10.22.131.9 0 302 303i 
*110.22.132.0/29 10.22.132.1 0 100 303 i 
*> 10.22.132.0/29 10.22.132.9 0 303 i 

* 10.22.132.8/29 10.22.131.1 0 302 303 i 
* 10.22.132.8/29 10.22.131.9 0 302 303 i 
* 10.22.132.8/29 10.22.132.9 0 303 i 
*110.22.132.240/28 10.22.132.1 0 100 303 i 
*> 10.22.132.240/28 10.22.132.9 0 303 i 
10.22.134.0/29 10.22.132.9 303 304 i 
10.22.134.8/29 10.22.132.9 303 304 i 
10.22.134.16/29 10.22.132.9 303 304 i 
10.22.134.24/29 10.22.132.9 303 304 i 
10.22.134.32/29 10.22.132.9 303 304 i 
10.22.134.40/29 10.22.132.9 303 304 i 
10.22.134.48/29 10.22.132.9 303 304 i 
10.22.134.56/29 10.22.132.9 303 304 i 
10.22.134.64/29 10.22.132.9 303 304 i 
10.22.134.80/29 10.22.132.9 303 304 i 
10.22.135.0/29 10.22.132.9 303 304 305 i 
10.22.135.8/29 10.22.132.9 303 304 305 i 
Total RIB entries = 30 
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show ip cache 


Use the show ip cache command to display the fast cache table. Variations of this command include the 
following: 


show ip cache 
show ip cache vrf <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





vrf <name> Optional. Displays information for only the specified VRF. 


Default Values 





No default necessary for this command. 


Command History 


Release 9.3 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 
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Usage Examples 





The following example shows sample output from the show ip cache command for the default VRF 
(router): 


>enable 

#show ip cache 

DESTINATION INTERFACE NEXT HOP USE COUNT MAC ADDRESS 
224.0.0.5 Loopback 127.0.0.1 0 

10.22.18.3 eth 0/1 10.22.18.3 0 00:E0:29:6C:BA:31 
10.22.18.6 Loopback 127.0.0.1 18 

192.168.30.2 eth 0/2 192.168.20.2 0 00:A0:C8:0D:E9:AD 
10.22.18.255 Loopback 127.0.0.1 2 

255.255.255.255 Loopback 127.0.0.1 2 

192.168.20.1 Loopback 127.0.0.1 25 


IP routing cache 7 entries 
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show ip community-list 


Use the show ip community-list command to display any or all defined community lists in the router 
configuration. Variations of this command include: 


show ip community-list 
show ip community-list <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Optional. Specifies the name of the community list you wish to display. If this 
parameter is omitted, all defined community lists will be displayed. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows two community lists, one of which permits all routes containing community 
number 10:67, and another which permits routes containing community number 10:68 and the internet 
community number, but denies routes containing community number 10:45. 


>enable 

#show ip community-list 

ip community-list CommList1: 
permit 10:67 

ip community-list CommList2: 
permit 10:68 internet 

deny 10:45 
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show ip dhcp-client lease 


Use the show ip dhcp-client lease command to display all Dynamic Host Client Protocol (DHCP) lease 
information for interfaces that have dynamically assigned IP addresses. Variations of this command 
include: 


show ip dhcp-client lease 
show ip dhcp-client lease <interface> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<interface> Optional. Displays the information for the specified interface type. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
show ip dhep-client lease ? for a complete list of applicable interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 2.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output from the show ip dhcp-client lease command: 


>enable 

#show ip dhcp-client lease 

Interface: ethernet 0/1 

Temp IP address: 10.100.23.64 Mask: 0.0.0.0 
DHCP Lease server: 10.100.23.207 State: Bound (3) 
Lease: 120 seconds 

Temp default gateway address: 0.0.0.0 
Client-ID: N/A 
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show ip dhcp-server binding 


Use the show ip dhcep-server binding command to display the Dynamic Host Client Protocol (DHCP) 
server client table with associated information. Variations of this command include: 


show ip dhcp-server binding 

show ip dhcp-server binding </p address> 

show ip dhcp-server binding vrf <name> 

show ip dhcp-server binding vrf <name> <ip address> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





<ijpp address> Optional. Specifies the IP address of the specified client. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 


vrf <name> Optional. Displays information only for the specified VRF. If a VRF is not 
specified, the default VRF is assumed. 


Default Values 


No default value necessary for this command. 


Command History 





Release 2.1 Command was introduced. 


Release 17.1 Command was expanded to include the VRF parameter and the modifiers 
begin, exclude, include. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 
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Usage Examples 





The following is a sample output from the show ip dhcp-server binding command: 


>enable 
#show ip dhcp-server binding 
IP Address Client Id Lease Expiration Client Name 


10.100.23.64 01:00:a0:c8:00:8f:b3 Aug 15 2002 11:02 AM Router 


The following example shows sample output from the show ip dhcp-server binding Gray command: 


>enable 
#show ip dhcp-server binding vrf Gray 
IP Address Client Id Lease Expiration Client Name 


192.168.19.2 01:00:e0:29:91:1e:27 Oct 16 2007 10:58 AM Estclair4 
192.168.19.3 01:00:e0:81:01:53:01 Oct 16 2007 12:42 PM sylvester 
192.168.19.4 01:00:15:c5:6a:69:ec Oct 16 2007 1:35 PM Dell-Wifi06 
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show ip ffe 


Use the show ip ffe command to display all the RapidRoute Engine (formerly FFE) entries that match the 
specified parameters. Variations of this command include: 


show ip ffe 

show ip ffe destination <ip address> 
show ip ffe destination-port <port> 
show ip ffe details 

show ip ffe egress <interface> 
show ip ffe icmp-type <type> 
show ip ffe ingress <interface> 
show ip ffe protocol <protocol> 
show ip ffe source </p address> 
show ip ffe source-port <port> 
show ip ffe summary 

show ip ffe type <type> 


The displayed output of these variations may be further defined through the use of additional 
subcommands. To view the additional subcommands available, type the variation of show command 
followed by the ? symbol. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 


destination </p address> Optional. Displays FFE entries for the specified destination IP. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 


destination-port <port> Optional. Displays FFE entries for the specified destination port (TCP or 
UDP only). 

details Optional. Displays detailed information. 

egress <interface> Optional. Displays FFE entries for the specified egress interface. Specifies 


an interface in the format <interface type [slot/port | slot/port.subinterface id 
| interface id | interface id.subinterface id | ap | ap/radio | ap/radio. vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
show ip ffe [egress | ingress] ? for a complete list of valid interfaces. 


icmp-type <type> Optional. Displays FFE entries for the specified ICMP type (ICMP only). 
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ingress <interface> Optional. Displays FFE entries for the specified ingress interface. Specifies 
an interface in the format <interface type [slot/port | slot/port.subinterface id 
| interface id | interface id.subinterface id | ap | ap/radio | ap/radio. vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
show ip ffe [egress | ingress] ? for a complete list of valid interfaces. 


protocol <protocol> Optional. Displays FFE entries for the specified protocol. 

source <ip address> Optional. Displays FFE entries for the specified source IP. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 

source-port <port> Optional. Displays FFE entries for the specified source port (TCP or UDP 
only). 

summary Optional. Displays summary of FFE entries. 

type <type> Optional. Displays FFE entries of the specified type. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output from the show ip ffe summary command: 


>enable 

#show ip ffe summary 

Ingress MaxEntries Entries Hits Misses Drops 
eth0/1 4096 1 0 56 0 
global 16384 1 0 56 0 
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show ip flow 


Use the show ip flow command to display information regarding the configuration of integrated traffic 
monitoring (ITM) on your AOS product. Variations of this command include: 


show ip flow cache 
show ip flow export 
show ip flow interface 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





cache Displays a summary of the current state of the cache of nonexpired traffic 
flows. 

export Displays information on export packets sent to a destination. 

interface Displays the ITM configuration of each interface on the router. 

Defaults 





No default is necessary for this command. 


Command History 





Release 16.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example is sample output from the show ip flow export command: 


#show ip flow export 


Traffic Flow export is ENABLED 
Version: 9 
Export Destinations 
10.22.16.132: 9991 
vrf BLUE 
source ppp 1 
10.5.22.203: 30000 
11 flows exported in 8 udp datagrams 
0 flows failed to export 
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The following is sample output from the show ip flow cache command: 


#show ip flow cache 
IP Traffic Flow Cache 
Size: 682/4096 entries 
8206 total entries added 
95545 aging polls, last aging poll occurred 3 seconds ago 


The following is sample output from an AOS product with an Ethernet interface and a point-to-point 
interface configured for ITM: 


#show ip flow interface 
eth 0/1 

ip flow ingress 
ppp 1 

ip flow ingress 

ip flow egress 
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show ip flow top-talkers 


Use the show ip flow top-talkers command to view information pertinent to integrated traffic monitoring 
(ITM) Top Talker configuration and to reveal possible configuration problems. Variations of this 
command include: 


show ip flow top-talkers 

show ip flow top-talkers day 

show ip flow top-talkers hour 
show ip flow top-talkers day detail 
show ip flow top-talkers hour detail 
show ip flow top-talkers port 

show ip flow top-talkers port detail 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines after. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





day Optional. Specifies the display of Top Talker data for the current 24-hour 
period. 

hour Optional. Specifies the display of Top Talker data for the current hour. 

port Optional. Specifies the display of Top Talker monitored port traffic for the 
current interval. 

detail Optional. Specifies the display of information for previous and current 
intervals. 


Default Values 





There are no defaults for this command. 


Command History 





Release 17.1 Command was introduced. 
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Usage Examples 





The following is sample output from show ip flow top-talkers command: 


#show ip flow top-talkers 


Current Interval Top Talkers: 
1:00 PM to 1:15 PM 


Top Traffic Sources: Top Traffic Destinations: 

IP Address Packets IP Address Packets 
10.100.43.254 1451 10.22.162.3 735 
10.100.43.161 860 10.22.166.222 707 
10.22.160.253 384 10.22.160.7 407 
10.100.43.200 292 224.0.0.6 393 
10.22.165.17 222 10.22.130.6 391 


Top 5 talkers shown. 742 flows processed. 
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show ip igmp groups 


Use the show ip igmp groups command to display the multicast groups that have been registered by 
directly connected receivers using Internet Group Management Protocol (IGMP). If no multicast group IP 
address is specified, all groups are shown with this command. Variations of this command include: 


show ip igmp groups 
show ip igmp groups <multicast address> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<multicast address> Optional. Displays the IP address of a multicast group. The multicast group IP 
address range is 244.0.0.0 to 239.255.255.255 or 224.0.0.0 /4. 


Default Values 





No default value necessary for this command. 


Command History 





Release 7.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from this command: 


>enable 
#show ip igmp groups 
IGMP Connected Group Membership 


Group Address _ Interface Uptime Expires Last Reported 
172.0.1.50 Loopback100 00:42:57 00:02:50 172.23.23.1 
172.1.1.1 Ethernet0/1 00:05:26 00:02:51 1.1.1.2 
172.1.1.1 Loopback100 00:42:57 00:02:51 172.23.23.1 
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show ip igmp interface 


Use the show ip igmp interface command to display multicast-related information per-interface. If no 
interface is specified, this command shows information for all interfaces. Variations of this command 
include: 


show ip igmp interface 
show ip igmp interface </nterface> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<interface> Optional. Displays information for a specific interface type. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use atm 
1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Enter the 
show ip igmp interface ? command for a complete list of interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 7.1 Command was introduced. 
Release 9.1 Command was expanded to include HDLC and tunnel interfaces. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following example is sample output from the show ip igmp interface command: 


>enable 

#show ip igmp interface 

eth 0/1 is UP 

Ip Address is 10.22.120.47, netmask is 255.255.255.0 
IGMP is enabled on interface 

Current IGMP version is 2 

IGMP query interval is 60 seconds 

IGMP querier timeout is 120 seconds 

IGMP max query response time is 10 seconds 
Last member query count is 2 

Last member query response interval is 1000 ms 
IGMP activity: 548 joins, 0 leaves 

IGMP querying router is 0.0.0.0 

IGMP helper address is disabled 
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show ip igmp snooping 


Use the show ip igmp snooping command to display Internet Group Management Protocol (IGMP) 
snooping information. Variations of this command include: 


show ip igmp snooping 

show ip igmp snooping mrouter 

show ip igmp snooping mrouter vian <vian id> 
show ip igmp snooping vlan 

show ip igmp snooping vlan <vian id> 





Global IGMP snooping overrides the VLAN IGMP snooping. If global snooping is 
disabled, you cannot enable VLAN IGMP snooping. If global snooping is enabled, you can 

‘one enable or disable VLAN IGMP snooping. Refer to ip igmp snooping on page 734 for more 
information. 








The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





mrouter Optional. Displays the ports associated with multicast routers. 

vlan Optional. Displays whether IGMP snooping is enabled or disabled for all 
VLANs. 

vlan <vian id> Optional. Displays whether IGMP snooping is enabled or disabled for a 
particular VLAN. 


Default Values 





No default value necessary for this command. 


Command History 


Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from the ip igmp snooping vlan command: 


>enable 
#show ip igmp snooping vlan 1 
Vian 1: IGMP snooping is enabled on this VLAN 
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The following is sample output from the ip igmp snooping mrouter vlan command: 


>enable 

#show ip igmp snooping mrouter vian 200 
VLAN Ports 

iviocte nd bee Sy Ae Soames ere eee es Passe 
200 Gi0/2(static) 
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show ip interfaces 


Use the show ip interfaces command to display the status information for all IP interfaces (or a specific 
interface). Variations of this command include: 


show ip interfaces 
show ip interfaces <interface> 
show ip interfaces <interface> brief 





‘one To view secondary IP addresses, use the show running-config command. 








The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<interface> Optional. Displays status information for a specific interface. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
show ip interfaces ? for a complete list of applicable interfaces. If no 
interface is specified, status information for all interfaces is displayed. 


brief Optional. Displays an abbreviated version of interface statistics for all IP 
interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 

Release 9.1 Command was expanded to include HDLC and tunnel interfaces. 
Release 11.1 Demand interface was added. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample output of the show ip interfaces command: 


>enable 

#show ip interfaces 

eth 0/1 is UP, line protocol is UP 
Ip address is 10.10.10.1 
Netmask is 255.255.255.0 

MTU is 1500 

Fastcaching is Enabled 

RIP Authentication is Disabled 
RIP Tx uses global version value 
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show ip local policy 


Use the show ip local policy command to display information about the route-map used for local 
policy-based routing. Variations of this command include the following: 


show ip local policy 
show ip local policy vrf <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





vrf <name> Optional. Displays information for only the specified VRF. 


Default Values 





No default value necessary for this command. 


Command History 


Release 11.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 
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Usage Examples 





The following is sample output (just for the default VRF) from this command: 


>enable 
#show ip local policy 
Local policy routing is enabled, using route-map SAMPLE_RTEMAP 


route-map SAMPLE_RTEMAP, permit, sequence 1 
Match clauses: 


ip address (access-lists): SAMPLE_ACL 
Set clauses: 
BGP Filtering matches: 0 routes 
Policy routing matches: 0 packets 0 bytes 
Redistribution Filtering matches: 0 routes 
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show ip mroute 


Use the show ip mroute command to display IP multicasting routing table information. Variations of this 
command include: 


show ip mroute 

show ip mroute all 

show ip mroute </p address> 
show ip mroute <interface> 
show ip mroute summary 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





all Optional. Displays all multicast routes, including those not used to forward 
multicast traffic. 


<ijp address> Optional. Displays IP address of a multicast group. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


<interface> Optional. Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1tap 1/1.1. Type show ip mroute ? for a complete list of interfaces. 


summary Optional. Displays a single-line summary for each entry in the IP multicast 
routing table. 


Default Values 





No default value necessary for this command. 


Command History 


Release 7.1 Command was introduced. 

Release 9.1 Command was expanded to include HDLC and tunnel interfaces. 
Release 11.1 The all option was added. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is sample output from the show ip mroute all command: 


>enable 
#show ip mroute all 
IP Multicast Routing Table 
Flags: S - Sparse, C - Connected, P - Pruned, J - Join SPT, T - SPT-bit Set, 
F - Register, R - RP-bit Set 
Timers: Uptime/Expires 
(*, 225.1.0.1), 01:17:34/00:03:25, RP 192.168.0.254, Flags: SC 
Forwarding Entry: Yes 
Incoming interface: tunnel 2, RPF nbr 172.16.2.10 
Outgoing interface list: 
eth 0/1, Forward, 01:17:34/00:03:25 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


392 


Command Reference Guide Enable Mode Command Set 





show ip ospf 


Use the show ip ospf command to display general information regarding open shortest path first (OSPF) 
processes. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 


Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output from the show ip ospf command: 


>enable 

#show ip ospf 

Summary of OSPF Process with ID: 192.2.72.101 

Supports only single Type Of Service routes (TOS 0) 

SPF delay timer: 5 seconds, Hold time between SPFs: 10 seconds 
LSA interval: 240 seconds 

Number of external LSAs: 0, Checksum Sum: 0x0 

Number of areas: 0, normal: 0, stub: 0, NSSA: 0 
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show ip ospf database 


Use the show ip ospf database command to display information from the open shortest path first (OSPF) 
database regarding a specific router. There are several variations of this command which you can use to 
obtain information about different OSPF link state advertisements. The variations are shown below: 


show ip ospf <area id> database 

show ip ospf <area id> database adv-router <ip address> 

show ip ospf <area id> database database-summary 

show ip ospf <area id> database network 

show ip ospf <area id> database network <link-state id> 

show ip ospf <area id> database network </ink-siate id> adv-router <ip address> 
show ip ospf <area id> database network adv-router </p address> 
show ip ospf <area id> database router 

show ip ospf <area id> database router </ink-state id> 

show ip ospf <area id> database router </ink-state id> adv-router <ip address> 
show ip ospf <area id> database router adv-router <ip address> 

show ip ospf <area id> database summary 

show ip ospf <area id> database summary </ink-state id> 

show ip ospf <area id> database summary <link-state id> adv-router <ip address> 
show ip ospf <area id> database summary adv-router <ip address> 
show ip ospf database 

show ip ospf database adv-router <ip address> 

show ip ospf database database-summary 

show ip ospf database external 

show ip ospf database external </ink-state id> 

show ip ospf database external </ink-state id> adv-router <ip address> 
show ip ospf database external adv-router <ip address> 

show ip ospf database network 

show ip ospf database network </ink-state id> 

show ip ospf database network </ink-state id> adv-router <ip address> 
show ip ospf database network adv-router <ip address> 

show ip ospf database router 

show ip ospf database router </ink-state id> 

show ip ospf database router </ink-state id> adv-router <ip address> 
show ip ospf database router adv-router </p address> 

show ip ospf database summary 

show ip ospf database summary <link-state id> 

show ip ospf database summary </ink-state id> adv-router <ip address> 
show ip ospf database summary adv-router </p address> 
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The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 
<area id> Optional. Specifies an OSPF area ID. Refer to network <ip address> <wildcard 
mask> area <area id> on page 2210 for more information. 


adv-router </p address> Optional. Displays information about link-state advertisements from the 
specified advertising router IP address. IP addresses should be expressed 
in dotted decimal notation (for example, 10.10.10.1). 

database-summary Optional. Displays a simplified list of link-state advertisements for the 
specified area. 

external Optional. Displays information about external link-state advertisements from 
the specified link-state ID. 

network Optional. Displays information about network link-state advertisements for 
the specified area or from the specified link-state ID. 

router Optional. Displays information about router link-state advertisements for the 
specified area or from the specified link-state ID. 

summary Optional. Displays information about summary link-state advertisements for 
the specified area or from the specified link-state ID. 

<link-state id> Optional. Displays information from a specific link-state ID. The value 
defined in this field is tied to the advertisement’s LS type. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Functional Notes 





The link state ID differs depending on whether the link state advertisement in question describes a network 
or a router. 


If describing a network, this ID is one of the following: 

« The network’s IP address. This is true for type 3 summary link advertisements and in autonomous 
system external link advertisements. 

« An address obtained from the link state ID. If the network link advertisement’s link state ID is masked 
with the network’s subnet mask, this will yield the network’s IP address. 


If describing a router, this ID is always the router’s OSPF router ID. 


Usage Examples 





The following example shows the database link state summary for all areas: 


>enable 
#show ip ospf database 
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show ip ospf interface 


Use the show ip ospf interface command to display open shortest path first (OSPF) information for a 
specific interface. Variations of this command include: 


show ip ospf interface 
show ip ospf interface <interface> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<interface> Optional. Specifies an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type show ip ospf interface ? for a complete list of 
applicable interfaces. 


Default Values 





No default value necessary for this command. 


Command History 


Release 3.1 Command was introduced. 
Release 9.1 Command was expanded to include HDLC and tunnel interfaces. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows OSPF information for the PPP 1 interface. 


>enable 
#show ip ospf interface ppp 1 
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show ip ospf neighbor 


Use the show ip ospf neighbor command to display open shortest path first (OSPF) neighbor information 
for a specific interface. Variations of this command include: 


show ip ospf neighbor 

show ip ospf neighbor detail 

show ip ospf neighbor </nterface> 

show ip ospf neighbor <interface> detail 

show ip ospf neighbor <interface> <neighbor id> 
show ip ospf neighbor </nterface> <neighbor id> detail 
show ip ospf neighbor <neighbor id> 

show ip ospf neighbor <neighbor id> detail 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





detail Optional. Displays detailed information on neighbors. 


<interface> Optional. Specifies an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type show ip ospf neighbor ? for a complete list of 
applicable interfaces. 


<neighbor id> Optional. Specifies a specific neighbor’s router ID. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 9.1 Command was expanded to include HDLC and tunnel interfaces. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following example shows detailed information on the OSPF neighbors: 


>enable 
#show ip ospf neighbor 
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show ip ospf summary-address 


Use the show ip ospf summary-address command to display a list of all summary address redistribution 
information for the system. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays all summary address redistribution information for the system: 


>enable 
#show ip ospf summary-address 
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show ip pim-sparse 


Use the show ip pim-sparse command to display protocol independent multicast (PIM) configuration 
information. Sparse mode or PIM-SM is a routing protocol used to establish and maintain the multicast 
distribution tree. Routers can participate in the shared tree (RPT) rooted at the rendezvous point (RP) 
router or the shortest-path tree (SPT) rooted at a multicast source. PIM-SM also establishes both shared 
trees and SPTs. Variations of this command include: 


show ip pim-sparse 

show ip pim-sparse interfaces <interface> 
show ip pim-sparse neighbor 

show ip pim-sparse rp-map 

show ip pim-sparse rp-set 

show ip pim-sparse state 

show ip pim-sparse traffic 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





interfaces <interface> Optional. Displays PIM-SM configuration and status information for a 
specific interface. Specify an interface in the format <interface type [slot/port 
| slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type show ip pim-sparse interface ? to display a list of 
applicable interfaces. 


neighbor Optional. Displays neighbor adjacency information. 
rp-map Optional. Displays active group-to-RP mappings. 
rp-set Optional. Displays a list of statically configured RP candidates. The 


multicast group IP address is 224.0.0.0 /4 when no access group was 
applied to the rp-address command (refer to rp-address <ip address> on 
page 2222). Otherwise, it is the name of the access group. 


state Optional. Displays multicast route PIM state information. 
traffic Optional. Displays active PIM-SM control traffic statistics. 


Default Values 





No default necessary for this command. 
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Command History 





Release 11.1 Command was introduced. 


Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show ip pim-sparse command: 


>enable 

#show ip pim-sparse 

Global PIM Sparse Mode Settings 
Join/Prune interval: 60, SPT threshold: 1 


The following example shows sample output from the show ip pim-sparse interface command: 


>enable 
#show ip pim-sparse interface 
eth 0/1 is UP 
PIM Sparse 
DR: itself 
Local Address: 192.168.1.254 
Hello interval (sec): 30, Neighbor timeout (sec): 105 
Propagation delay (ms): 500, Override interval (ms): 2500 


tunnel 1 is UP 
PIM Sparse 
DR: 172.16.1.10 
Local Address: 172.16.1.9 
Hello interval (sec): 30, Neighbor timeout (sec): 105 
Propagation delay (ms): 500, Override interval (ms): 2500 


tunnel 2 is UP 
PIM Sparse 
DR: 172.16.2.10 
Local Address: 172.16.2.9 
Hello interval (sec): 30, Neighbor timeout (sec): 105 
Propagation delay (ms): 500, Override interval (ms): 2500 


The following example shows sample output from the show ip pim-sparse neighbor command: 


>enable 

#show ip pim-sparse neighbor 

Port Neighbor Holdtime(sec) Age(sec) Uptime(sec) 
tunnel 1 172.16.1.10 105 19 241908 
tunnel 2 172.16.2.10 105 23 241913 
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The following example shows sample output from the show ip pim-sparse rp-map command: 
>enable 

#show ip pim-sparse rp-map 

Number of group-to-RP mappings: 5 


Group address RP address 

225.1.0.1 192.168.0.254 
225.1.0.2 192.168.0.254 
225.1.0.3 192.168.0.254 


The following example shows sample output from the show ip pim-sparse rp-map set command: 


>enable 

#show ip pim-sparse rp-map set 

Group address Static-RP-address 
224.0.0.0/4 192.168.0.254 
MCAST_ACL_1 192.168.1.254 
MCAST_ACL_2 192.168.2.254 
MCAST_ACL_3 192.168.3.254 


The following example shows sample output from the show ip pim-sparse state command: 


>enable 

#show ip pim-sparse state 

PIM-SM State Table 

Flags: S - Sparse, C - Connected, P - Pruned, J - Join SPT, T - SPT-bit Set, 
F - Register, R - RP-bit Set 

Timers: Uptime/Expires 


(*, 225.1.0.1), 02:42:03/00:03:04, RP 192.168.0.254, Flags: SC 
Forwarding Entry: Yes 
Incoming interface: tunnel 2, RPF nbr 172.16.2.10 
Upstream Join/Prune State: Joined 
Register State: No Info 
RegStop Timer (sec): stopped 
Join/Prune Timer (sec): 57 
Override Timer (sec): stopped 
Multicast Border Router: 0.0.0.0 
Packets Forwarded: 2 
Outgoing interface list: 
eth 0/1, Forward, 02:42:03/00:03:03 
Downstream Join/Prune State: Join 
Assert Winner State: No Info 
Assert Timer (sec): stopped 
Assert Winner: 0.0.0.0 
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Assert Winner Metric: infinity 
Local Membership: Yes 
Forwarding State: Forwarding 
Inherited output list: 
eth 0/1 


The following example shows sample output from the show ip pim-sparse traffic command: 


>enable 
#show ip pim-sparse traffic 
Rx TX Rx TX 

Port: eth 0/1 

Hello: 7 8334 J/P: 0 0 
Register: 0 0 RegStop: 0 0 
Assert: 0 0 

Port: tunnel 1 

Hello: 8327 8333 J/P: 0 57 
Register: 0 0 RegStop: 0 0 
Assert: 0 0 

Port: tunnel 2 

Hello: 8323 8334 J/P: 0 11949 
Register: 0 0 RegStop: 0 0 
Assert: 0 0 
Total 

Hello: 16657 25001 J/P: 0 12006 
Register: 0 0 RegStop: 0 0 
Assert: 0 0 
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show ip policy 


Use the show ip policy command to display the interfaces which have route maps configured. This 
command is used for troubleshooting policy-based routing. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from this command: 


>enable 
#show ip policy 


Interface Route-map 
eth 0/1 ISP_A 
eth 0/2 ISP_B 
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show ip policy-class 


Use the show ip policy-class command to display the configured session limit and specific host IP 
addresses of all current sessions. Refer to ip policy-class <name> <action> on page 744 for information 
on configuring access policies. Variations of this command include: 


show ip policy-class 

show ip policy-class <name> 

show ip policy-class host-sessions 

show ip policy-class <name> host-sessions 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





host-sessions Optional. Displays specific host IP addresses of all current sessions. 
<name> Optional. Displays policy class information for a specific policy class. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 12.1 Command expanded to include host-sessions. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output from the show ip policy-class command: 


>enable 
#show ip policy-class 


Maximum policy-sessions: 17400 

Policy-class “Private”: 

136 current sessions (5800 max) 

Entry 1 - allow list self self 

Entry 2 - nat source list wizard-ics interface ppp 1 overload 
Policy-class “Public”: 

0 current sessions (5800 max) 
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The following is a sample output from the show ip policy-class host-sessions command: 


>enable 
#show ip policy-class host-sessions 


Policy-class “Private”: 
100 policy-sessions allowed per source address. 


Src IP Address Sessions 


192.168.1.100 1 
192.168.1.101 35 
192.168.1.121 100 (maximum allowed) 


Policy-class “Public”: 
No limit for policy-sessions allowed per host. 


The following is a sample output from the show ip policy-class <policyname> host-sessions command 
for the policy class named Private: 


>enable 
#show ip policy-class Private host-sessions 


Policy-class “Private”: 
100 policy-sessions allowed per source address. 


Src IP Address Sessions 


192.168.1.100 1 
192.168.1.101 35 
192.168.1.121 100 (maximum allowed) 
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show ip policy-sessions 


Use the show ip policy-sessions command to display a list of current policy class associations. Refer to ip 
policy-class <name> <action> on page 744 for information on configuring access policies. Variations of 
this command include: 


show ip policy-sessions 

show ip policy-sessions include-deleted 

show ip policy-sessions <name> 

show ip policy-sessions <name> include-deleted 
show ip policy-sessions any-vrf 

show ip policy-sessions any-vrf include-deleted 
show ip policy-sessions include-deleted 

show ip policy-sessions vrf <name> 

show ip policy-sessions vrf <name> include-deleted 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 


<name> Optional. Displays policy class associations for the specified policy class. 


include-deleted Optional. Displays all policy sessions, including active associations (through 
which the firewall is allowed to pass traffic), and associations flagged for 
deletion (through which the firewall is forbidden to pass traffic). Associations 
flagged for deletion will usually be freed within a few seconds of timeout or 
deletion, depending on packet congestion; servicing of packets is given 
priority. New traffic matching an association will create a new active 
association, provided the traffic still matches a policy-class allow or NAT 
entry. (This parameter was obsoleted on all platforms except the NetVanta 
3200 with the release of 17.1.) 


any-vrf Optional. Displays information for all VRFs, including the default. 


vrf <name> Optional. Displays information only for the specified VRF. If a VRF is not 
specified, the default unnamed VRF is assumed. 


Default Values 


No default value necessary for this command. 
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Command History 





Release 3.1 Command was introduced. 
Release 11.1 Command expanded to include the all option. 
Release 17.1 Command was expanded to include the parameters vrf and 


include-deleted, as well as the modifiers begin, exclude, include. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 

The following is sample output from the show ip policy-sessions command: 
>enable 

#show ip policy-sessions 


Protocol (TTL) [in crypto map] -> [out crypto map] Destination policy-class 
Src IP Address Src Port Dest IP Address Dst Port NAT IP Address NAT Port 


Policy class “Public”: 


tcp (13) 
192.168.1.142 2621 192.168.19.2 1 10.10.10.1 3000 
tcp (13) 
192.168.1.142 2622 192.168.19.2 2 10.10.10.1 3001 
tcp (13) 
192.168.1.142 2623 192.168.19.2 3 10.10.10.1 3002 


The following is sample output from the show ip policy-sessions include-deleted command: 


>enable 
#show ip policy-sessions include-deleted 


Src Vr (if not default), Src policy class: 


Protocol (TTL) [in crypto map] -> [out crypto map] Dest VRF, Dest policy-class 

Src IP Address Src Port Dest IP Address _ Dst Port NAT IP Address NAT Port 
Policy class "Private": 

Policy class “Private_Aqua”: 

Policy class “Private_Black”: 

Policy class “Private_Crimson”: 

Policy class “Private_Green’: 
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Policy class “Private_Orange”: 

Policy class “Private_Purple”: 

Policy class “Private_Yellow’: 

Policy class "Public": 

Policy class "Public2": 

Policy class "self": 

udp (60) -> Public2 

10.22.160.134 1027 10.22.160.254 53 
Policy class "default": 


The following is sample output from the show ip policy-sessions any-vrf include-deleted command: 


>enable 
#show ip policy-sessions any-vrf include-deleted 


Src Vr (if not default), Src policy class: 

Protocol (TTL) [in crypto map] -> [out crypto map] Dest VRF, Dest policy-class 

Src IP Address Src Port Dest IP Address _ Dst Port NAT IP Address NAT Port 
Policy class "Private": 

Policy class "Public": 

Policy class "self": 

Policy class "default": 

VRF "Green", Policy class "Private": 

tcp (418) -> Black, Public 


192.168.121.2 35257 192.168.10.19 21 $192.168.9.2 35257 
tcp (593) -> Black, Public 

192.168.121.2 35333 192.168.10.19 20 $192.168.9.2 2759 
tcp (600) -> Black, Public 

192.168.121.2 65283 192.168.10.207 80 $s 192.168.9.2 65283 
tcp (4) -> Black, Public 

192.168.121.2 1606 192.168.10.209 80 s 192.168.9.2 1606 
tcp (600) -> Black, Public 

192.168.121.2 3648 192.168.10.210 80 s 192.168.9.2 3648 
tcp (502) -> Black, Public 

192.168.121.3 52429 192.168.10.19 21 $192.168.9.2 52429 


VRF "Green", Policy class "Public": 
VRF "Green", Policy class "self": 
VRF "Green", Policy class "default": 
VRF "Black", Policy class "Private": 
VRF "Black", Policy class "Public": 
VRF "Black", Policy class "self": 
VRF "Black", Policy class "default": 
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show ip policy-stats 


Use the show ip policy-stats command to display a list of current policy class statistics. Refer to ip 
policy-class <name> <action> on page 744 for information on configuring access policies. Variations of 
this command include: 


show ip policy-stats 
show ip policy-stats <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Optional. Displays policy class statistics for a specific policy class. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays a list of current policy class statistics: 


>enable 
#show ip policy-stats 
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show ip prefix-list 


Use the show ip prefix-list command to display BGP prefix list information. Variations of this command 
include: 


show ip prefix-list <name> 
show ip prefix-list detail <name> 
show ip prefix-list summary <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Shows information for a specific prefix list. 
detail Optional. Shows a listing of the prefix list rules and their hit counts. 
summary Optional. Shows information about the entire prefix list. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





If the show ip prefix-list command is issued with no arguments, a listing of the prefix-list rules but no hit 
count statistics is displayed. 


Usage Examples 





The following example displays information about the prefix list test. 


>enable 

#show ip prefix-list test 

ip prefix-list test: 4 entries 
seq 5 permit 0.0.0.0/0 ge 8 le 8 
seq 10 deny 0.0.0.0/0 ge 9 le 9 
seq 15 permit 0.0.0.0/0 ge 10 le 10 
seq 20 deny 0.0.0.0/0 ge 11 
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show ip protocols 


Use the show ip protocols command to display IP routing protocol parameters and statistics. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output from the show ip protocols command: 


>enable 

#show ip protocols 

Sending updates every 30 seconds, next due in 8 seconds 
Invalid after 180 seconds, hold down time is 120 seconds 
Redistributing: rip 

Default version control: send version 2, receive version 2 


Interface Send Ver. Rec Ver. 
eth 0/1 2 2 
ppp 1 2 2 
Routing for networks: 
1.1.1.0/24 
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show ip route 


Use the show ip route command to display the contents of the IP route table. Variations of this command 
include: 


show ip route 

show ip route </p address> 

show ip route <ip address> <subnet mask> 

show ip route <jp address> longer-prefixes 

show ip route <ip address> <subnet mask> longer-prefixes 
show ip route bgp 

show ip route bgp verbose 

show ip route connected 

show ip route ospf 

show ip route ospf verbose 

show ip route rip 

show ip route rip verbose 

show ip route static 

show ip route static verbose 

show ip route summary 

show ip route summary realtime 

show ip route table 

show ip route vrf <name> 

show ip route vrf <name> <ip address> 

show ip route vrf <name> <ip address> <subnet mask> 
show ip route vrf <name> <ip address> longer-prefixes 
show ip route vrf <name> <ip address> <subnet mask> longer-prefixes 
show ip route vrf <name> bgp 

show ip route vrf <name> connected 

show ip route vrf <name> ospf 

show ip route vrf <name> rip 

show ip route vrf <name> static 

show ip route vrf <name> summary 

show ip route vrf <name> table 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘toe excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 
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Wo Using the realtime argument for this command can adversely affect the performance of 


your unit. 





Syntax Description 





<ijpp address> 


<subnet mask> 


bgp 


connected 
longer-prefixes 
ospf 


rip 


static 
summary 
summary realtime 


table 
verbose 
vif <name> 


Default Values 


Optional. Specifies a valid IP address. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 


Optional. Specifies the subnet mask that corresponds to a range of IP 
addresses (network) or a specific host. Subnet masks can be expressed in 
dotted decimal notation (for example, 255.255.255.0) or as a prefix length 
(for example, /24). 


Optional. Displays only the IP routes associated with Border Gateway 
Protocol (BGP). 


Optional. Displays only the IP routes for directly connected networks. 
Optional. Displays only the IP routes matching the specified network. 


Optional. Displays only the IP routes associated with open shortest path 
first (OSPF). 


Optional. Displays only the IP routes that were dynamically learned through 
Routing Information Protocol (RIP). 


Optional. Displays only the IP routes that were statically entered. 
Optional. Displays a summary of all IP route information. 


Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Optional. Displays a condensed version of the IP route table. 
Optional. Enables detailed messaging. 


Optional. Displays only the IP routes for the specified VPN routing and 
forwarding (VRF). 





No default value is necessary for this command. 


Command History 





Release 1.1 

Release 10.1 
Release 16.1 
Release 17.1 


Release A1 
Release 17.2 


Command was introduced. 
The real time display option was introduced. 
Expanded to include the VRF parameter. 


Command was expanded to include modifiers begin, exclude, and 
include. 


Command was expanded to include the verbose parameter. 


Command was enhanced to show the best route to the given IP address 
and the longer-prefixes parameter was added. 
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Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


VRF on ADTRAN Operating System (AOS) products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example shows how to display IP routes learned via BGP. The values in brackets after a 
BGP route entry represent the entry's administrative distance and metric: 


>enable 

#show ip route bgp 

Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP 
IA - OSPF inter area, N1 - OSPF NSSA external type 1 
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1 
E2 - OSPF external type 2 

Gateway of last resort is 10.15.43.17 to network 0.0.0.0 

1.0.0.0/8 [30/0] via 10.15.43.17, fr 1.17 

2.0.0.0/9 [30/0] via 10.15.43.17, fr 1.17 

2.128.0.0/10 [30/0] via 10.15.43.17, fr 1.17 

2.192.0.0/11 [30/0] via 10.15.43.17, fr 1.17 

2.224.0.0/12 [30/0] via 10.15.43.17, fr 1.17 

2.240.0.0/13 [30/0] via 10.15.43.17, fr 1.17 


DBDWWWWW 


The following example shows output for the show ip route vrf RED summary command. 


>enable 

#show ip route vrf RED summary 
Route Source FIB Local-RIB 
Connected 16 16 

Static 16 16 

Other 31 31 

Total 63 63 
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The following example shows how to display IP routes learned in VRF RED. The values in brackets after a 
route entry represent the entry's administrative distance and metric: 


>enable 

#show ip route vrf RED 

Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP 
IA - OSPF inter area, N1 - OSPF NSSA external type 1 
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1 
E2 - OSPF external type 2 

Gateway of last resort is 192.168.1.1 to network 0.0.0.0 

S_ 0.0.0.0/0 [1/0] via 192.168.1.1, eth 0/2.301 

C 192.168.1.0/24 is directly connected, eth 0/2.301 

C 192.168.50.0/30 is directly connected, fr 1.16 

C 192.168.50.1/32 is directly connected, fr 1.16 

C 192.168.51.0/30 is directly connected, fr 2.16 

C 192.168.54.0/30 is directly connected, ppp 1 

C 192.168.55.0/30 is directly connected, hdlc 1 

C 192.168.56.0/30 is directly connected, fr 11.16 

S 192.168.101.0/24 [1/0] via 192.168.50.1, fr 1.16 

S 192.168.102.0/24 [1/0] via 192.168.51.1, fr 2.16 

S 192.168.106.0/24 [1/0] via 192.168.55.1, hdlc 1 

S 192.168.107.0/24 [1/0] via 192.168.56.1, fr 11.16 

S 192.168.109.0/24 [1/0] via 192.168.1.253, eth 0/2.301 


The following example shows output for the show ip route command. The values in brackets after a route 
entry represent the entry's administrative distance and metric: 


>enable 

#show ip route 

Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP 
E1 - OSPF external type 1, E2 - OSPF external type 2 
IA - OSPF inter area 


Gateway of last resort is 10.22.18.254 to network 0.0.0.0 


0.0.0.0/0 [1/0] via 10.22.18.254, eth 0/1 
10.22.16.0/24 [1/0] via 10.22.18.254, eth 0/1 
10.22.17.0/24 [1/0] via 10.22.18.254, eth 0/1 
10.22.18.0/24 is directly connected, eth 0/1 
192.168.25.0/31 is directly connected, loop 1 
192.168.26.1/32 is directly connected, loop 2 
192.168.27.0/24 is directly connected, loop 3 
192.168.249.0/24 is directly connected, eth 0/2 


ANADANDAVnHNW 
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The following example shows output for the show ip route </p address> command. This data explains the 
resulting route a packet will be sent through. 


>enable 
#show ip route 10.22.16.16 
Routing entry for 10.22.16.0/24 
Known via “static” 
Distance 1, metric 0, candidate default path 
Routing Next Hop(s): 
10.22.18.254, via eth 0/1 
Route metric is 0 


The following example shows output for the show ip route </p address> longer-prefixes command. 
Using the longer-prefixes option displays only the matching routes. 


>enable 

#show ip route 10.22.16.0 longer-prefixes 

Codes: C - connected, §S - static, R - RIP, O - OSPF, B - BGP 
E1 - OSPF external type 1, E2 - OSPF external type 2 
IA - OSPF inter area 


Gateway of last resort is 10.22.18.254 to network 0.0.0.0 
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show ip rtp quality-monitoring 


Use the show ip rtp quality-monitoring command to display information gathered during voice quality 
monitoring (VQM) of the inbound RTP streams across the network. Variations of this command include 
the following: 


show ip rtp quality-monitoring 

show ip rtp quality-monitoring active-calls 

show ip rtp quality-monitoring active-calls [[call-id <substring>] [from-uri <substring>] [sort-by 
<metric>] [source-uri <substring>] [to-uri <substring>]] [degradation | detail] 

show ip rtp quality-monitoring call-history 

show ip rtp quality-monitoring call-history [[call-id <substring>] [from-uri <substring>] [sort-by 
<metric>] [source-uri <substring>] [to-uri <substring>]] [degradation | detail] 

show ip rtp quality-monitoring endpoints 

show ip rtp quality-monitoring endpoints [sort-by <metric> | summary] 

show ip rtp quality-monitoring interface <name> 

show ip rtp quality-monitoring interface <name> [detail | summary] 





The majority of the sorting features are available in any order, at any time within the 
‘one subcommand. Use the ? at any level after each variation listed within the brackets to view 
additional arguments and variations for the subcommand(s). 








The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘kore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





active-calls Optional. Displays per-call statistics for currently active calls. This command 
will not display any statistics when VQM is disabled. (Refer to the options 
below.) 

call-history Optional. Displays per-call statistics for completed calls in the call history. 


The call history is available even when VQM is disabled. (Refer to the 
options below.) 


call-id <substring> Optional. Displays call statistics based on the specified substring of the call 
ID. 

degradation Optional. Displays possible sources of voice quality degradation. 

detail Optional. Displays all available VQM statistics. 

from-uri <substring> Optional. Displays statistics based on specified substring of the call ID From 
URI. 
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sort-by <metric> 


jitter 

loss 
out-of-order 
mos-lq 
mos-pq 


source-uri <substring> 


to-uri <substring> 
endpoints 


sort-by <metric> 


summary 


interface <name> 


detail 


summary 


Default Values 


Optional. Specifies the metric to use when sorting VQM statistics. Calls with 
poorer quality metrics will appear first. If no sort-by metric is chosen, calls 
are sorted by start time with the most recent calls appearing first. Choose 
from the following metrics: 


Sorts VQM information by jitter. 

Sorts VQM information by lost packets. 

Sorts VQM information by packets received out of order. 
Sorts VQM information by listening quality (LQ) MOS. 


Sorts VQM information by listening quality MOS normalized to the PESQ 
(PQ) scale. 


Optional. Displays statistics based on the specified substring of the 
URI/extension from which this RTP is sourced. 


Optional. Displays statistics based on the specified substring of the To URI. 


Optional. Aggregates previous call statistics per endpoint (the source IP 
address of the RTP stream). When sorted, endpoints with poorer quality 
metrics will appear first. Issuing this command will display previously 
collected endpoint statistics even with VQM disabled. 


Optional. Specifies the metric to use when sorting endpoint statistics. Calls 
with poorer quality metrics will appear first. (Refer to the sort-by <metric> 
options above.) If no sort-by metric is chosen, calls are sorted by start time 
with the most recent calls appearing first. 


Optional. Displays a summary of RTP streams of interfaces. The RTP 
streams are placed in Excellent, Good, Fair, and Poor categories. 


Optional. Displays statistics for the specified interface. Displays the 
statistics for the specified interface <interface name>, or a metric by which 
to sort when multiple interfaces are enabled. (Refer to the sort-by <metric> 
options above.) 


Optional. Displays all available statistics on the interface(s). When detail is 
not appended, only commonly used statistics are presented. By default, 
only commonly used statistics are shown. These statistics are aggregated 
only from calls saved in the call history. This command is not valid when 
VQM is disabled. 


Optional. Displays a summary of statistics for the specified interface. 
Choosing a specific interface to display using the interface name is optional. 
Use the summary subcommand to view the general VQM statistics on the 
interface(s) and on endpoint(s). These statistics are aggregated only from 
calls saved in the call history. This command is not valid when VQM is 
disabled. 





No default value necessary for this command. 
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Command History 





Release 17.1 Command was introduced. 
Release A1 Command was included in the AOS voice products. 


Functional Notes 





Refer to the Voice Quality Monitoring Configuration Guide available on your AOS Documentation CD 
shipped with your unit, or on the Web at www.adtran.com for more information. 


Usage Examples 





The following is sample output from various versions of the show ip rtp quality-monitoring command 
and subcommands: 


>enable 

#show ip rtp quality-monitoring 

Voice Quality Monitoring is ENABLED 

Simulated jitter buffer: adaptive 10/50/200 ms (min/nominal/max) 


Quality Active Streams Call History All Streams MOS Range 
Excellent 0 29 29 4.400 - 4.000 
Good 0 0 0 3.999 - 3.600 
Fair 0 0 0 3.599 - 2.600 
Poor 0 0 0 2.599 - 0.000 
Totals: 0 29 29 


(Note: Statistics for All Streams are updated at call completion and do not include currently active streams. 
Call history statistics are available for up to 2000 streams.) 


History thresholds: 

MOS (LQ/CQ/PQ): 4.40/4.40/4.40 
Loss: 0 pkts 

Out-of-order packets: 0 pkts 
Jitter: 0 ms 


--MORE-- 


#show ip rtp quality-monitoring call-history sort-by lq-mos degradation 
Displaying 29 estimated stream statistics from 14 completed calls 


RTP stream: 10.22.41.29:16420, eth 0/1 -> 10.22.41.97:16386, eth 0/2 
RTP is sourced from 1041@10.1.4.5 

To: 1041@10.1.4.5 

From: 3046@10.1.4.5 

Call-start (duration): 29 Oct 2007 09:19:16 (29 min, 57.480 s) 
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MOS LQ: 4.12 
MOS PQ: 4.03 
Loss: 263 pkts 
Out-of-order: 0 pkts 
Jitter: 0 ms 
CODEC: G.711 u-law 
Degradation: 
Packet loss: 4.09% 
Echo level: 1.89% 
Simulated jitter buffer discard: 0.00% 
Voice encode/decoder selection: 0.00% 
Recency: 0.00% 
Delay: 0.00% 
Signal level: 0.00% 
Noise level: 0.00% 
Resyncs: 1050 
Delay (current/min/max): 10/10/50 ms 


RTP stream: 10.22.41.29:16402, eth 0/1 -> 10.22.41.97:16386, eth 0/2 
RTP is sourced from 1041@10.1.4.5 
To: 3046@bw2.pq.adtran.com 
From: 1041@10.1.4.5 
Call-start (duration): 29 Oct 2007 08:40:23 (29 min, 58.350 s) 
MOS LQ: 4.12 
MOS PQ: 4.03 
Loss: 259 pkts 
Out-of-order: 0 pkts 
Jitter: 0 ms 
CODEC: G.711 A-law 
Degradation: 
Packet loss: 4.04% 
Echo level: 1.98% 
Simulated jitter buffer discard: 0.00% 
Voice encode/decoder selection: 0.00% 
Recency: 0.00% 
Delay: 0.00% 
Signal level: 0.00% 
Noise level: 0.00% 
--MORE-- 


#show ip rtp quality-monitoring endpoints sort-by loss summary 
Displaying 9 estimated endpoint statistics from 29 completed calls 
RTP source: 10.22.41.29, eth 0/1 

Quality Completed Calls MOS Range 


Excellent 12 4.440 - 4.000 
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Good 0 3.999 - 3.600 
Fair 0 3.599 - 2.600 
Poor 0 2.599 - 0.000 
Totals: 12 (of the last 2000 recorded calls) 


RTP source: 10.22.41.21, eth 0/1 


Quality Completed Calls MOS Range 
Excellent 1 4.440 - 4.000 
Good 0 3.999 - 3.600 
Fair 0 3.599 - 2.600 
Poor 0 2.599 - 0.000 
Totals: 1 (of the last 2000 recorded calls) 
--MORE-- 


#show ip rtp quality-monitoring interface 
loop 10 
Currently active calls: 0 
Statistics for completed calls (0 calls): 
MOS LQ (min/avg/max): none/none/none 
MOS PQ (min/avg/max): none/none/none 
Loss (min/avg/max): 0/0/0 pkts 
Out-of-order (total): 0 pkts 
Jitter (max): 0 ms 
Delay (min/max): 0/0 ms 


eth 0/1 

Currently active calls: 0 

Statistics for completed calls (15 calls): 
MOS LQ (min/avg/max): 4.12/4.14/4.20 
MOS PQ (min/avg/max): 4.03/4.08/4.45 
Loss (min/avg/max): 0/2033/19194 pkts 
Out-of-order (total): 0 pkts 
Jitter (max): 0 ms 
Delay (min/max): 10/200 ms 


eth 0/2 
Currently active calls: 0 
--MORE-- 
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show ip traffic 
Use the show ip traffic command to display all IP traffic statistics. Variations of this command include: 


show ip traffic 
show ip traffic realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 





realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 


No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 10.1 The real time display option was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following example displays all IP traffic statistics: 


>enable 
#show ip traffic 


IP statistics: 

Routing discards: 0 

Revd: 15873 total, 7617 delivered 

0 header errors, 0 address errors 

0 unknown protocol, 0 discards 

0 checksum errors, 0 bad hop counts 

Sent: 8281 generated, 4459 forwarded 

0 no routes, 0 discards 

Frags: 0 reassemble required, 0 reassembled, 0 couldn't reassemble 
0 created, 0 fragmented, 0 couldn't fragment 


UDP statistics: 
Revd: 3822 total, 0 checksum errors, 0 no port 
Sent: 3822 total 


TCP statistics: 

Retrans Timeout Algorithm: 0 

Min retrans timeout (ms): 0 

Max retrans timeout (ms): 0 

Max TCP Connections: 0 

0 active opens, 64 passive opens, 0 failed attempts 

5 establish resets, 1 establish current 

3795 segments received, 4459 segments sent, 26 segments retransmitted 
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show ip urlfilter 


Use the show ip urlfilter command to display configured URL filter and server information. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show ip urlfilter command: 


>enable 
#show ip urlfilter 


Configured for Websense URL filtering. 
Filters 

Name: “filter1” 

Ports: HTTP(80) 

Interfaces that filter is applied to: 
eth 0/2 inbound 

Servers 

IP address: 10.100.23.116 

Port: 15868 

Timeout: 5 

Excluded domains 

Permit www.adtran.com 

Other Settings 
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show ip urlfilter exclusive-domain 


Use the show ip urlfilter exclusive-domain to display all configured domains excluded (either always 
allowed or always blocked) from URL filtering. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show ip urlfilter exclusive-domain command: 


>enable 
#show ip urlfilter exclusive-domain 


Excluded domains 


Permit www.adtran.com 
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show ip urlfilter statistics 


Use the show ip urlfilter statistics command to display statistics for URL filter requests and responses. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show ip urlfilter statistics command: 


>enable 
#show ip urlfilter statistics 


Current outstanding requests to filter server: 0 
Current response packets buffered from web server: 2 
Max outstanding requests to filter server: 3 

Max response packets buffered from web server: 5 
Total requests sent to filter server: 400 

Total responses received from filter server: 400 

Total requests allowed: 398Total requests blocked: 2 
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show ip urlfilter top-websites 


Use the show ip urlfilter top-websites command to display configured URL filter and top websites 
reporting information. Variations of this command include the following: 


show ip urlfilter top-websites 

show ip urlfilter top-websites <number> 

show ip urlfilter top-websites all 

show ip urlfilter top-websites all <number> 
show ip urlfilter top-websites daily 

show ip urlfilter top-websites daily <number> 
show ip urlfilter top-websites hourly 

show ip urlfilter top-websites hourly <number> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





all Optional. Specifies that top websites statistics for all lists will be displayed. 

daily Optional. Specifies that top websites statistics in daily increments will be 
displayed. 

hourly Optional. Specifies that top websites statistics in hourly increments will be 
displayed. 

<number> Optional. Specifies how many websites to show on the report. Range is 5 to 
20 websites. 


Default Values 





By default, a 15-minute incremented list of the 10 top websites requests is shown. 


Command History 





Release 16.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





The top websites statistic lists show the previous interval, not the current one. The output shows the period 
for which the statistics were collected, as well as the current time so it can be determined when the next 
update will occur. 
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Usage Examples 





The following example displays the top 5 websites visited in the last 15 minutes: 

#show ip urlfilter top-websites 5 

Top Websites Visited 

Period: Apr 26 08:55:00--Apr 26 09:10:00 Current Time: 09:15:34 

Allow mode: enabled 

The visits listed below are visits which were permitted. These statistics do not include Websites explicitly 
filtered using exclusive domains. 


Domain Name Visits Last Visitor Visit Time 

www.gmail.com 767 10.22.160.7 Apr 26 08:55:47 
www.google.com 540 10.22.160.88 Apr 26 09:05:27 
www.adtran.com 67 10.22.160.107 Apr 26 08:59:16 
www.cisco.com 67 10.22.160.5 Apr 26 09:01:05 
www.partypoker.com 15 10.22.160.45 Apr 26 09:04:43 
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show ip vrf 


Use the show ip vrf command to display the configured VRFs and the interfaces associated with each one 
(or a specific VRF). Variations of this command include: 


show ip vrf 

show ip vrf <name> 

show ip vrf interfaces 

show ip vrf interfaces <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








‘woe To view secondary IP addresses, use the show running-config command. 








Syntax Description 





<name> Optional. Displays information for only the specified VRF. 


interfaces Optional. Displays information about interfaces associated with all 
configured VRFs. 


Default Values 





No default value necessary for this command. 


Command History 





Release 16.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 
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Usage Examples 





The following is a sample output for the show ip vrf command: 


>enable 

#show ip vrf 

Name Default RD Interfaces 

-Default- 0:0 eth 0/1 
ppp 1 

Engineering 100:1 vian 11 
vian 12 

Accounting 100:2 vian 21 
vian 22 


The following is a sample output for the show ip vrf interfaces command: 


>enable 

#show ip vrf interfaces 

Interface IP Address VRF Protocol 
eth 0/1 10.0.0.1 DOWN 
ppp 1 10.0.1.1 UP 
vian 11 1.1.1.1 Engineering UP 

vlan 12 1.1.2.1 Engineering UP 

vlan 21 2.1.1.1 Accounting UP 
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show isdn-group <number> 


Use the show isdn-group command to display integrated services digital network (ISDN) group 
information. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<number> Displays information for a specific ISDN group. Valid range is 1 to 255. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays information for ISDN group 5: 


>enable 
#show isdn-group 5 
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show isdn-number-template 


Use the show isdn-number-template command to display integrated services digital network (ISDN) 
number templates. Variations of this command include: 


show isdn-number-template 
show isdn-number-template <value> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<value> Optional. Displays information about a specific number template. Valid 
range is 1 to 255. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays information for ISDN number template 0: 


>enable 

#show isdn-number-template 0 

Type ID Prefix Pattern 
Subscriber 0 911 

# 
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show isdn resource 


Use the show isdn resource command to display integrated services digital network (ISDN) resource 
information. Variations of this command include: 


show isdn resource 
show isdn resource realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 





Syntax Description 





realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following example displays ISDN resource information: 


>enable 
#show isdn resource 


Interface: Channel Trunk: Appearance Slot/Prt: Call 
Channelld  State:GID Appearance State B-Channel State 
pri 1:0 Reserved:1 T01:2 TAS_Connect 1/1:21 OutgoingConnect 
pri 1:1 Reserved: T01:0 TAS_Alerting 1/1:23 IncomingAlertingSent 
pri 1:2 Available _ == oo = 
pri 1:3 Available --- = -- _ 
pri 1:4 Available --- aa -- = 
pri 1:5 Available --- = -- _ 
pri 1:6 Available --- == -- a 
pri 1:7 Available =e aoe _ oa 
pri 1:8 Available as oo _ ra 
pri 1:9 Available ane oo -- oar 
pri 1:10 Available ate ca _ oe 
pri 1:11 Available --- -- - --- 
pri 1:12 Available --- --- -- --- 
pri 1:13 Available --- _ -- --- 
pri 1:14 Available --- -- -- --- 
pri 1:15 Available aoe = _ a 
pri 1:16 Available eae ae _ aoe 
pri 1:17 Available eae = _ ae 
pri 1:18 Available aoe a -- 
pri 1:19 Available --- -- -- --- 
pri 1:20 Available --- = -- --- 
pri 1:21 Available --- -- -- --- 
pri 1:22 Available _ _ -- --- 
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show Ildp 


Use the show Ildp command to display the Link Layer Discovery Protocol (LLDP) transmit interval and 
transmitted time to live (TTL). 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





The TTL is calculated by multiplying the transmit interval by the TTL multiplier. For more information, refer 
to the command I/ldp on page 845. 


Usage Examples 





The following example shows a sample LLDP timer configuration: 


>enable 

#show Ildp 

Global LLDP information: 

Sending LLDP packets every 30 seconds 
Sending TTL of 120 seconds 
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show Ildp device <name> 


Use the show Ildp device command to display neighbor information about an adjacent device on the same 
IEEE 802 LAN. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Specifies the system name of the neighbor to display. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





If there is more than one neighbor with the same system name, all neighbors with that system name will be 
displayed. 


Usage Examples 





The following example shows specific information about a neighbor for the system name Router: 


>enable 
#show Ildp device Router 
Chassis ID: 00:A0:C8:02:DD:2A (MAC Address) 
System Name: Router 
Device Port: eth 0/1 (Locally Assigned) 
Holdtime: 30 
Platform: NetVanta 3305 
Software: Version: 08.00.22.sw1.D, Date: Mon Nov 01 10:28:55 2004 
Capabilities: Bridge, Router 
Enabled Capabilities: Router 
Local Port: eth 0/3 
Management Addresses: 
Address Type: IP version 4, Address: 10.23.10.10 
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show Ildp interface 


Use the show Ildp interface command to display Link Layer Discovery Protocol (LLDP) configuration 
and statistics for interfaces on this device. Variations of this command include: 


show Ildp interface 
show Ildp interface </interface> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





<interface> Optional. Displays the information for the specified interface. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
show Ildp interface ? for a complete list of applicable interfaces. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows LLDP statistics for the Ethernet 0/1 interface: 


>enable 
#show Ildp interface ethernet 0/1 
eth 0/1 (TX/RX) 
0 packets input 
0 input errors 
0 TLV errors, 0 TLVs Discarded 
0 packets discarded 
8799 packets output 
0 neighbor ageouts 
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show Ildp neighbors 


Use the show Ildp neighbors command to display information about neighbors of this device learned 
about via local loop demarcation point (LLDP). Variations of this command include: 


show Ildp neighbors 

show Ildp neighbors detail 

show Ildp neighbors <interface> 

show Ildp neighbors interface <interface> detail 
show Ildp neighbors med 

show Ildp neighbors realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 





Syntax Description 





detail Optional. Shows detailed neighbor information for all LLDP neighbors or 
neighbors connected to the specified interface or interface type. 


interface <interface> Optional. Displays a summary of all neighbors learned about through the 
specified interface. Specify an interface in the format <interface type 
[slot/port | slot/oort.subinterface id | interface id | interface id.subinterface id 
| ap | ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; 
for an Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; 
for an ATM subinterface, use atm 1.1; and for a wireless virtual access 
point, use dot11ap 1/1.1. Type show Ildp neighbors interface ? for a 
complete list of applicable interfaces. 


med Optional. Displays neighbors that are capable of supporting LLDP-MED. 


realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 





No default values necessary for this command. 
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Command History 





Release 8.1 Command was introduced. 

Release 10.1 The real time display option was introduced. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
Release 17.2 Command was expanded to include the MED parameter. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following example shows detailed information about a device’s neighbors: 


>enable 
#show Ildp neighbors interface eth 0/3 detail 
Chassis ID: 00:A0:C8:02:DD:2A (MAC Address) 
System Name: Router 
Device Port: eth 0/1 (Locally Assigned) 
Holdtime: 38 
Platform: NetVanta 3305 
Software: Version: 08.00.22.sw1.D, Date: Mon Nov 01 10:28:55 2004 
Capabilities: Bridge, Router 
Enabled Capabilities: Router 
Local Port: eth 0/3 
Management Addresses: 

Address Type: IP version 4, Address: 10.23.10.10 
Interface Type: Interface Index, Interface Id: 2 


The following example shows LLDP-MED capable neighbors connected to a device: 


.>enable 

#show Ildp neighbors med 

Capability Codes: R - Router, B - Bridge, H - Host, D - DOCSIS Device, 
W - WLAN Access Point, r - Repeater, T - Telephone 


System Name Port ID TTL Cap. Platform Local Int 


URL 5000@10.22.41 08:00:0F:2C:AB 96 --B--T-- swx 0/2 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 444 


Command Reference Guide Enable Mode Command Set 





show Ildp neighbors statistics 


Use the show Ildp neighbors statistics command to display statistics about Link Layer Discovery 
Protocol (LLDP) neighbor table actions. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





There are no default values necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





This command shows information about the changes in this device’s neighbor table. The information 
displayed indicates the last time a neighbor was added to or removed from the table, as well as the number 
of times neighbors were inserted into or deleted from the table. 


System Last Change Time Shows the time at which the most recent change occurred in the neighbor 


table. 

Inserts Shows the number of times neighbors have been added to the table. 

Deletes Shows how many times neighbors have been deleted from the table 
because an interface was shut down. 

Drops Shows how many times the insertion of a new neighbor into the table failed 
because the table was full. 

Age Outs Shows how many times neighbors have been removed from the table 


because no new updates were received from that neighbor before its 
time-to-live timer expired. 
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Usage Examples 





The following example shows sample output for this command: 


>enable 

#show Ildp neighbors statistics 

System Last Change Time Inserts Deletes Drops Age Outs 
10-15-2004 14:24:56 55 3 1 1 
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show mac address-table 


Use the show mac address-table command to display all static and dynamic entries in the medium access 
control (MAC) address table for all virtual local area networks (VLANs) and physical interfaces. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from the show mac address-table command: 


>enable 

#show mac address-table 

Mac Address Table 

Vian Mac Address Type Ports 
1 aa:bb:ee:d1 :c2:33 STATIC eth 0/18 
1 00:00:00:00:00:00 STATIC CPU 
2 00:90:2b:7d:30:00 DYNAMIC eth 0/1 
2 00:a0:c8:00:8e:a6 DYNAMIC eth 0/1 
2 00:a0:c8:00:8f:ba DYNAMIC eth 0/1 
2 00:a0:c8:00:8f:73 DYNAMIC eth 0/1 
2 00:a0:c8:00:00:00 DYNAMIC eth 0/1 
2 00:a0:c8:01 :ff:02 DYNAMIC eth 0/1 
2 00:a0:c8:01:09:d3 DYNAMIC eth 0/1 
2 00:a0:c8:01:13:34 DYNAMIC eth 0/1 
2 00:a0:c8:01:14:4a DYNAMIC eth 0/1 
2 00:a0:c8:03:95:4b DYNAMIC eth 0/1 
2 00:a0:c8:05:00:89 DYNAMIC eth 0/1 
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show mac address-table address 


Use the show mac address-table address command to display all medium access control (MAC) 
addresses known by AOS. Variations of this command include the following: 


show mac address-table address <mac address> 

show mac address-table address <mac address> interface <interface> 

show mac address-table address <mac address> interface <interface> vlan <vian id> 
show mac address-table address <mac address> vlan <vian id> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in the following format: xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01). 


interface <interface> Shows information for a specific interface. Specify an interface in the format 
<interface type [slot/port | slot/port.subinterface id | interface id | interface 
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for a T1 
interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora PPP 
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type show mac 
address-table address interface ? for a list of valid interfaces. 


vlan <vian id> Specifies a valid VLAN interface ID. Range is 1 to 4094. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following sample from the show mac address-table address command displays information 
regarding a specific MAC address from the MAC address table: 


>enable 

#show mac address-table address 00:a0:c8:7d:30:00 
Mac Address Table 

Vlan Mac Address Type Ports 

2 00:a0:c8:7d:30:00 DYNAMIC eth 0/1 


The following sample from the show mac address-table address command displays information 
regarding a specific MAC address and interface from the MAC address table: 


>enable 

#show mac address-table address 00:a0:c8:7d:30:00 ethernet 0/1 
Mac Address Table 

Vian Mac Address Type Ports 

2 00:a0:c8:7d:30:00 DYNAMIC eth 0/1 

Total Mac Addresses for this criterion: 1 

# 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


446 


Command Reference Guide Enable Mode Command Set 





show mac address-table aging-time 


Use the show mac address-table aging-time command to display information regarding the amount of 
time dynamic entries remain in the medium access control (MAC) address table. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample from the show mac address-table aging-time command for a switch 
configured with an address-table aging-time: 


>enable 
#show mac address-table aging-time 
Aging Time 


300 Seconds 
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show mac address-table count 


Use the show mac address-table count command to display information regarding the number of medium 
access control (MAC) addresses in use (both static and dynamic). 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample from the show mac address-table count command: 


>enable 

#show mac address-table count 

Mac Table Entries: 

Dynamic Address Count: 19 

Static Address Count: 3 

Total Mac Addresses: 23 

Total Mac Address Space Available: 8169 
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show mac address-table dynamic 


Use the show mac address-table dynamic command to display all dynamic medium access control 
(MAC) addresses learned by AOS. Variations of this command include the following: 


show mac address-table dynamic 

show mac address-table dynamic address <mac address> 

show mac address-table dynamic address <mac address> interface <interface> 

show mac address-table dynamic address <mac address> interface <interface> vlan <vian id> 
show mac address-table dynamic address <mac address> vlan <vian id> 

show mac address-table dynamic interface <interface> 

show mac address-table dynamic interface <interface> vlan <vian id> 

show mac address-table dynamic vlan <vian id> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





address <mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in the following format xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01). 


interface <interface> Shows information for a specific interface. Specify an interface in the format 
<interface type [slot/port | slot/port.subinterface id | interface id | interface 
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for a T1 
interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora PPP 
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type show mac 
address-table dynamic interface ? for a list of valid interfaces. 


vlan <vian id> Specifies a valid VLAN interface ID. Range is 1 to 4094. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample from the show mac address-table dynamic command: 


>enable 

#show mac address-table dynamic 

Mac Address Table 

Vian Mac Address Type 

1 00:a0:c8:7d:30:00 DYNAMIC 
1 00:a0:c8:05:89:09 DYNAMIC 
1 00:a0:c8:07:d9:d2 DYNAMIC 
1 00:a0:c8:07:d9:19 DYNAMIC 
1 00:a0:c8:09:95:6b DYNAMIC 
1 00:a0:c8:0a:2d:7c DYNAMIC 
1 00:a0:c8:f6:e9:a6 DYNAMIC 
1 00:a0:c8:01 :0a:ef DYNAMIC 
1 00:a0:c8:0c:74:80 DYNAMIC 
1 00:a0:c8:15:5a:9f DYNAMIC 
1 00:a0:c8:6c:71:49 DYNAMIC 
1 00:a0:c8:77:78:c1 DYNAMIC 
1 00:a0:c8:6b:53:7b DYNAMIC 
1 00:a0:c8:72:e6:d6 DYNAMIC 
1 00:a0:c8:05:00:e6 DYNAMIC 


Total Mac Addresses for this criterion: 15 


eth 0/1 

eth 0/2 

eth 0/5 

eth 0/7 

eth 0/7 

eth 0/12 
eth 0/24 
eth 0/23 
eth 0/20 
eth 0/7 

eth 0/2 

eth 0/3 

eth 0/4 
giga-eth 0/2 
giga-eth 0/1 
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show mac address-table interface 


Use the show mac address-table interface command to display information regarding medium access 
control (MAC) address table entries specific to a certain interface. Variations of this command include: 


show mac address-table interface <interface> 
show mac address-table interface <interface> vlan <vian id> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<interface> Shows information for a specific interface type. Specify an interface in the 
format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type show mac 
address-table interface ? for a list of valid interfaces. 


vlan <vian id> Optional. Shows address-table information related to a specific VLAN. Valid 
range is 1 to 4094. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is an example of the show mac address-table interface eth 0/1 command displaying MAC 
address-table entries specifically on Ethernet 0/1: 


>enable 


#show mac address-table interface ethernet 0/1 


Mac Address Table 

Vian Mac Address 
2 00:90:2b:7d:30:00 
2 00:a0:c8:05:00:ac 
2 00:a0:c8:05:00:ad 
2 00:a0:c8:05:00:c2 
2 00:a0:c8:05:01 :6e 
2 00:a0:c8:09:95:6b 
2 00:a0:c8:0a:2d:7c 


Type 

DYNAMIC 
DYNAMIC 
DYNAMIC 
DYNAMIC 
DYNAMIC 
DYNAMIC 
DYNAMIC 


Total Mac Addresses for this criterion: 10 


Ports 

eth 0/1 
eth 0/1 
eth 0/1 
eth 0/1 
eth 0/1 
eth 0/1 
eth 0/1 
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show mac address-table multicast 


Use the show mac address-table multicast command to display all multicast medium access control 
(MAC) addresses known by AOS. Variations of this command include the following: 


show mac address-table multicast 

show mac address-table multicast count 

show mac address-table multicast igmp-snooping 

show mac address-table multicast igmp-snooping count 

show mac address-table multicast user 

show mac address-table multicast user count 

show mac address-table multicast vlan <vian id> 

show mac address-table multicast vlan <vi/an id> count 

show mac address-table multicast vlan <vian id> igmp-snooping 
show mac address-table multicast vlan <v/an id> igmp-snooping count 
show mac address-table multicast vlan <vi/an id> user 

show mac address-table multicast vlan <vi/an id> user count 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





count Optional. Displays the multicast address count. 

igmp-snooping Optional. Displays MAC addresses learned via Internet Group Management 
Protocol (IGMP) snooping. 

user Optional. Displays static MAC addresses entered by the user. 

vlan <vian id> Optional. Displays address table information related to a specific VLAN. 


Valid range is 1 to 4094. 


Default Values 





No default value necessary for this command. 


Command History 





Release 14.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is sample output from the show mac address-table multicast command: 


>enable 
#show mac address-table multicast 
Multicast Mac Address Table 


Vian Mac Address Type Ports 
1 01:00:5e:00:01:01 igmp  swx 0/10 
1 01:00:5e:7f:ff:fa igmp _swx 0/24 


Total Mac Addresses for this criterion: 2 
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show mac address-table static 


Use the show mac address-table static command to display all static medium access control (MAC) 
addresses known by AOS. Variations of this command include the following: 


show mac address-table static 

show mac address-table static address <mac address> 

show mac address-table static address <mac address> interface <interface> 

show mac address-table static address <mac address> interface <interface> vlan <vian id> 
show mac address-table static address <mac address> vlan <vian id> 

show mac address-table static interface <interface> 

show mac address-table static interface </nterface> vlan <vian id> 

show mac address-table static vlan <vian id> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





address <mac address> Optional. Specifies a valid 48-bit MAC address. MAC addresses should be 
expressed in the following format xx:xx:Xx:xx:xx:xx (for example, 
00:A0:C8:00:00:01). 

interface <interface> Optional. Shows information for a specific interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for a 
wireless virtual access point, use dot11ap 1/1.1. Type show mac 
address-table static interface ? for a list of valid interfaces. 


vlan <vian id> Optional. Shows address-table information related to a specific VLAN. Valid 
range is 1 to 4094. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample from the show mac address-table static command: 


>enable 

#show mac address-table static 

Mac Address Table 

Vian Mac Address Type Ports 
1 00:a0:c8:00:88:40 STATIC CPU 


Total Mac Addresses for this criterion: 1 
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show mail-client 


Use the show mail-client command to display statistical summary information for mail agents. Variations 
of this command include: 


show mail-client 
show mail-client <agent name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





<agent name> Optional. Specifies only statistics for the named mail agent are displayed. 


Default Values 





No default values are associated with this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example displays statistical information for mail agent myagent: 


>enable 

#show mail-client myagent 

Mail-client myagent is ENABLED 
Capture output when track mail becomes PASS 
Send message when track T becomes PASS 
Send TO: joesmith@company.com 


6 output captures triggered 
18 commands captured 
6 command errors 
2 unrecognized commands 
4 truncated commands 
5 emails sent 
Last email sent on 2/29/2008 at 16:20:10 PM 
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show mail-client body <agent name> 


Use the show mail-client body command to display the current buffer content for the body of the email 
message in queue for a specific mail agent. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<agent name> Specifies the mail agent buffer to display. 


Default Values 





No default values are associated with this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example displays the email body buffer content for myagent mail agent: 


>enable 
#show mail-client body myagent 
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show media-gateway 


Use the show media-gateway command to show cumulative totals for all Realtime Transfer Protocol 
(RTP) channels. Variations of this command include: 


show media-gateway 

show media-gateway channel 

show media-gateway channel <s/ot/dsp.channel> 
show media-gateway info 

show media-gateway session 

show media-gateway session <s/ot/dsp.channel> 
show media-gateway summary 

show media-gateway summary active 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





<slot/dsp.channel> Optional. Specifies the ID of the media-gateway channel to be displayed. 
channel Optional. Shows cumulative totals for individual RTP channels. 

info Optional. Shows media-gateway information. 

session Optional. Shows current RTP sessions. 

summary Optional. Shows summary of last active and current RTP sessions. 
active Optional. Shows summary of currently active RTP sessions. 


Default Values 





No default necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following example shows sample output from the show media-gateway command: 


>enable 

#show media-gateway 

Media-Gateway 

1 slots, 1 DSPs, 24 channels 

0 total sessions, 0 active sessions, 00:00:00 total session duration 
0 total rx packets, 0 total rx bytes 

0 total lost packets, 0 total unknown packets 

0 total tx packets, 0 total tx bytes 

0 highest max depth 

0 total discards, 0 total overflows, 0 total underflows 
0 total out-of-orders 


Last clearing of counters: 9:46 PM Thu, Jan 1, 1970 
# 
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show memory 


Use the show memory command to display statistics regarding memory, including memory allocation and 
buffer use statistics. Shows how memory is in use (broken down by memory size) and how much memory 
is free. Variations of this command include: 


show memory heap 
show memory heap realtime 
show memory uncached-heap 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 


Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 





heap Shows how much memory is in use (broken down by memory block size) 
and how much memory is free. 

realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 

uncached-heap Shows how much memory has been set aside to be used without memory 
caching, how much memory is being used, and how much memory is free. 
(Valid only on NetVanta 300, 1000, and 1000R Series Units.) 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 10.1 The real time display option was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following is a sample output from the show memory heap command: 


>enable 

#show memory heap 

Memory Heap: 
HeapFree: 2935792 
HeapSize: 8522736 

Block Managers: 


Mgr Size Used Free Max-Used 
0 0 58 0 58 

1 16 1263 10 1273 
2 48 1225 2 1227 
3 112 432 2 434 
4 240 140 3 143 
5 496 72 2 74 

6 1008 76 1 26 

7 2032 25 1 26 

8 4080 2 1 3 

9 8176 31 1 32 
10 16368 8 0 8 

11 32752 5 1 6 

12 65520 3 0 30 
13 131056 0 0 0 
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show modules 


The show modules command displays information on the current system setup. Variations of this 
command include: 


show modules 
show modules verbose 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





verbose Optional. Enables detailed messaging. 


Default Values 





No default value necessary for this command. 


Command History 


Release 6.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays the modules installed in the unit. 


>enable 

#show modules 

Slot Ports Type Serial # Part # H/W Rev 
0 3 Netvanta 5305 =—*********** 1200990L1 A 

1 1 T3 Module ae 1200832L1 A 

2 7 0) ©) 5 
3 - Empty 9 © wersensere menecnneees  nenennnnnn 
4 = 0) ©) 5 
5 - Empty 9 © wersensenee we eecennnns ween 
6 - Empty 9 © wrrsensene weeeenneens  neeennnnen 
7 : 0) ©) 5 
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show monitor session 


Use the show monitor session command to display information regarding a specified monitor session or to 
display this information for all sessions. Variations of this command include: 


show monitor session <number> 
show monitor session all 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<number> Displays information for a single specific monitor session. 
all Displays all sessions. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample from the show monitor session command: 


>enable 
#show monitor session 1 
Monitor Session 1 
Source Ports: 

RX Only: None 

TX Only: None 

Both: eth 0/2, eth 0/3 
Destination Port: eth 0/6 
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show ntp associations 


Use the show ntp associations command to display the active Network Time Protocol (NTP) associations. 


The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following executes show ntp associations: 


>enable 
#show ntp associations 
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show nip status 


Use the show ntp status command to display general information about the status on the Network Time 
Protocol (NTP). 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





No subcommanas. 


Default Values 


No default value is necessary for this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 


The following executes show ntp status: 


>enable 
#show ntp status 
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show output-chkdsk 


Use the show output-chkdsk command to display output from the CFLASH checkdisk that occurs at boot 
up. File Allocation Table (FAT) errors detected or repaired are shown from the last boot up using this 
command. If checkdisk passed without incident, the command displays the output File is empty. This 
command is only applicable to ADTRAN integrated communications products (ICPs). 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 


Release 14.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output from the show output-chkdsk command where checkdisk passed: 


>enable 
#show output-chkdsk 
File is empty. 


The following example provides output from the show output-chkdsk command where errors were 
detected and repaired. An explanation of the errors found follows the output: 


>enable 

#show output-chkdsk 

## 'SystemDefaultPrompts' The '.' entry has a non-zero size (repaired). 

## 'SystemDefaultPrompts’ The '..' entry points to cluster 2 (should be root directory - repaired). 
## Cluster 583 chains to 435, but 583 is already used in another chain. 

## Terminated subsequent instance of cross-linked chain starting at 205 at cluster 394. 

## 'VoiceMail' The '.' first entry was not found. 

## 'VoiceMail' Found 2 checksum mismatches (repaired). 

## 'VoiceMail/Messages' Found 3 trailing entries (repaired). 

## 'VoiceMail' Found 2 duplicate entries (repaired). 
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The following errors are minor and can be ignored. 


## '/SystemDefaultPrompts' The '.' entry has a non-zero size (repaired). 
## 'SystemDefaultPrompts' The '..' entry points to cluster 2 (should be root directory - repaired). 


The following errors are more serious, but have been repaired. They indicate that the FAT has been 
corrupted. In some instances, major files may be lost (if they were corrupt or were contained within a 
corrupt directory). 


## Found 20 orphaned clusters (not free and not used - repaired). 
## Cluster 583 chains to 435, but 583 is already used in another chain. 
## Terminated subsequent instance of cross-linked chain starting at 205 at cluster 394. 


The following error results in the removal of the entire directory: 

## 'VoiceMail' The '.' first entry was not found. 

The following errors are minor. They indicate that some corruption has occurred, specifically with the 
naming units of the files involved. In most cases, these can be repaired without data loss. 


## 'VoiceMail' Found 2 checksum mismatches (repaired). 
## 'VoiceMail' Found 15 invalid names (repaired). 

## 'VoiceMail/Messages' Found 3 trailing entries (repaired). 
## 'VoiceMail' Found 2 duplicate entries (repaired). 
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show output-startup 


Use the show output-startup command to display startup configuration output line-by-line. This output 
can be copied into a text file and then used as a configuration editing tool. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output from the show output-startup command: 


>enable 

#show output-startup 

| 

#| 

#hostname "UNIT_2" 
UNIT_2#no enable password 
UNIT_2#! 

UNIT_2#ip subnet-zero 
UNIT_2#ip classless 
UNIT_2#ip routing 

UNIT_2#! 
UNIT_2#event-history on 
UNIT_2#no logging forwarding 
UNIT_2#logging forwarding priority-level info 
UNIT_2#no logging email 
etc.... 
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show port-auth 


Use the show port-auth command to view port authentication information. Variations of this command 
include: 


show port-auth 

show port-auth detailed 

show port-auth detailed interface <interface> 
show port-auth interface <interface> 

show port-auth statistics 

show port-auth statistics interface <interface> 
show port-auth summary 

show port-auth summary interface <interface> 
show port-auth supplicant 

show port-auth supplicant interface <interface> 
show port-auth supplicant summary 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





detailed Optional. Displays detailed port authentication information. 

statistics Optional. Displays port authentication statistics. 

summary Optional. Displays a summary of port authentication settings. 

supplicant Optional. Displays port authentication supplicant information. 

interface <interface> Optional. Displays port authentication information for the specified interface. 


Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type show port-auth interface ? for a list of valid 
interfaces. 


Default Values 





No default value necessary for this command. 
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Command History 





Release 10.1 Command was introduced. 


Release 17.1 Command expanded to include modifiers begin, exclude, include, and the 
supplicant keyword. 


Usage Examples 





The following example displays the port authentication information: 


>enable 

#show port-auth 

Global Port-Authentication Parameters: 
re-authentication enabled: False 
reauth-period: 3600 
quiet-period: 60 
tx-period: 30 
supp-timeout: 30 
server-timeout: 30 
reauth-max: 2 

Port-Authentication Port Summary: 
Interface Status Type Mode Authorized 
eth 0/1 disabled __ port-based n/a n/a 
eth 0/2 disabled __ port-based n/a n/a 
eth 0/3 disabled __ port-based n/a n/a 
eth 0/4 disabled __ port-based n/a n/a 
eth 0/5 disabled __ port-based n/a n/a 
eth 0/6 disabled __ port-based n/a n/a 
eth 0/7 disabled __ port-based n/a n/a 
eth 0/8 disabled __ port-based n/a n/a 
eth 0/9 disabled __ port-based n/a n/a 
eth0/10 disabled _ port-based n/a n/a 
eth 0/11 disabled __ port-based n/a n/a 
eth0/12 disabled _ port-based n/a n/a 
eth0/13 disabled  port-based n/a n/a 
eth0/14 disabled  port-based n/a n/a 
eth0/15 disabled __ port-based n/a n/a 
eth0/16 = disabled __ port-based n/a n/a 
eth0/17 + disabled  port-based n/a n/a 
eth0/18 disabled  port-based n/a n/a 
eth0/19 disabled  port-based n/a n/a 
eth0/20 disabled _ port-based n/a n/a 
eth0/21 + disabled __ port-based n/a n/a 

Port Authentication Port Details: 
Port-Authentication is disabled on eth 0/1 
Port-Authentication is disabled on eth 0/2 
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show port-security 


Use the show port-security command to display port security information. Variations of this command 
include: 


show port-security 

show port-security address 

show port-security interface <interface> 

show port-security interface <interface> address 
show port-security port-expiration 

show port-security port-expiration detailed 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





address Optional. Displays a list of secure medium access control (MAC) addresses 
for all interfaces currently configured for port security. 


interface <interface> Optional. Filters the output to include only information for the specified 
interface. Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type show port-security interface ? for a complete list of 
valid interfaces. 


port-expiration Optional. Displays the ports currently participating in port expiration and the 
amount of time left until the port is shut down. 


detailed Optional. Displays information for all interfaces, even if not configured for 
port expiration. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following displays all secure MAC addresses related to the Ethernet 0/1 interface: 


>enable 
#show port-security interface eth 0/1 address 
VLAN Mac Address Type of Entry Interface Remaining Time 


1 00:a0:c8:0a:c6:4a Dynamic-Secure eth 0/1 -- 
1 00:a0:c8:0a:c6:4b Dynamic-Secure eth 0/1 -- 


Dynamic Address Count: 2 
Static Address Count: 0 
Sticky Address Count: 0 
Total Address Count: 2 
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show power inline 


Use the show power inline command to display power information (in watts) for devices connected to 
power over Ethernet (PoE) interfaces. The command also displays the PoE interfaces that can be powered, 
whether the interfaces are powered or not, and the IEEE class for the device(s) connected to the PoE 
interfaces. Variations of this command include: 


show power inline 
show power inline <s/ot/port> 
show power inline <s/ot/port> realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 


<slot/port> Optional. Specifies the slot/port of a PoE interface. If specified, the 
command only displays information related to that interface. 
realtime Optional. Displays full-screen output in real time. Refer to the Functional 


Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.1 Command was introduced. 
Release 11.1 The real time display option was added. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following example displays power information for all PoE interfaces: 


>enable 

#show power inline 

Interface Admin Oper Power (watts) Class 

eth 0/1 auto off n/a n/a 

eth 0/2 auto off n/a n/a etc... 
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show power-supply 


The show power-supply command displays the power supply status. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays the power supply status: 


>enable 

#show power supply 

Power supply 1 is OK. 

Power supply 2 is not present. 
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show pppoe 


Use the show pppoe command to display all point-to-point protocol over Ethernet (PPPoE) settings and 
associated parameters. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example enters the Enable mode and uses the show command to display PPPoE 
information: 


>enable 
#show pppoe 
ppp 1 
Outgoing Interface: eth 0/1 
Outgoing Interface MAC Address: 00:A0:C8:00:85:20 
Access-Concentrator Name Requested: FIRST VALID 
Access-Concentrator Name Received: 13021109813703-LRVLGAOS90W_IFITL 
Access-Concentrator MAC Address: 00:10:67:00:1D:B8 
Session Id: 64508 
Service Name Requested: ANY 
Service Name Available: 
PPPoE Client State: Bound (8) 
Redial retries: unlimited 
Redial delay: 10 seconds 
Backup enabled all day on the following days: 
Sunday Monday Tuesday Wednesday Thursday Friday Saturday 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 477 


Command Reference Guide Enable Mode Command Set 





show probe 


Use the show probe command to display probe configuration and statistics. Refer to Network Monitor 
Probe Configuration Command Set on page 2150 for information on configuring probe objects. Variations 
of this command include the following: 


show probe 

show probe <name> 

show probe <name> realtime 

show probe <name> statistics 

show probe <name> statistics history 

show probe responder icmp-timestamp [realtime] 
show probe responder twamp [realtime] 

show probe responder udp-echo [realtime] 

show probe statistics 

show probe statistics history 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





or Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 





<name> Optional. Displays configuration and statistics for a specific probe. 
responder Displays the specified probe responder statistics. 
icmp-timestamp Optional. Displays the Internet Control Message Protocol (ICMP) timestamp 
probe responder statistics. 
twamp Optional. Displays the Two-way Active Measurement Protocol (TWAMP) 
probe responder statistics. 
udp-echo Optional. Clears the User Datagram Protocol (UDP) echo probe responder 
statisitics. 
statistics Displays measured probe statistics. 
history Displays the history of all measured probe statistics. 
realtime Optional. Displays full-screen output in real time. Refer to the Functional 


Notes below for more information. 
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Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
Release 17.2 Command was expanded to include probe responder options. 


Functional Notes 





A probe must be created first using the probe command. Issuing the shutdown command at the probe 
configuration prompt will disable a probe, causing it to cease traffic generation. While a probe is shutdown, 
it will not fail. 


Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following is a sample output of the show probe probe_A command: 


>enable 
#show probe probe _A 
Current State: PASS Admin. Status: DOWN 
Type: ICMP Echo Period: 30 sec Timeout: 500 msec 
Hostname: www.adtran.com 
Tracked by: track_1 
Tests Run: 121 Failed: 0 
Time in current state: 25 days 2 hours, 34 minutes, 32 seconds 


The following is a sample output of the show probe responder twamp command: 


>enable 
#show probe responder twamp 
0-------------- 1 ---------------- Q---------------- 3---------------- 4--------------- ---------------- 6---------------- | eee 8 


12345678901 2345678901 2345678901 2345678901 234567890 12345678901 2345678901 234567890 
TWAMP-Test: 360 rcvd, 360 sent 
TWAMP-Control: 20 sessions opened, 18 sessions closed, 

3 sessions rejected, 2 sessions active 
The following is a sample output of the show probe responder icmp-timestamp command: 
>enable 
#show probe responder icmp-timestamp 
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0-------------- | ---------------- Q---------------- 3---------------- 4--------------- 5---------------- 6---------------- [-------------- 8 
123456789012345678901 2345678901 234567890 12345678901 2345678901 2345678901 234567890 
ICMP Timestamp: 125 rcvd, 125 sent 


The following is a sample output of a TWAMP type probe named Houston: 


>enable 
#show probe Houston 
0-------------- | ---------------- Q---------------- 3---------------- 4--------------- ae 6---------------- [--------------- 8 


12345678901 2345678901 23456789012345678901 234567890 12345678901 2345678901 234567890 
Probe Houston: 

Current State: PASS Admin. Status: UP 

Type: TWAMP Period: 60 Timeout: 1500 

Source: 192.168.1.255:17001 Destination: 10.10.20.254:17000 

Data Size: 14 Num-packets 100 DSCP: 0 

Data pad: Zero 

Send-schedule: 20 msec Type: periodic 

Authentication Mode: open Key: not set 

Tracked by: Nothing 

Tests Run: 194 Failed: 1 

Tolerance: not set 

Time in current state: 1 days, 2 hours, 50 minutes, 7 seconds 

Packet Loss fail pass 

Round Trip 1000 1000 
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show processes 


Use the show processes command to display process statistic information. Variations of this command 
include: 


show processes cpu 

show processes cpu realtime 
show processes history 
show processes queue 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 


Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 


cpu Displays information about processes that are currently active. 

realtime Optional. Displays full-screen CPU output in real time. Refer to the 
Functional Notes below for more information. 

history Displays the process switch history. 

queue Displays process queue utilization. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 10.1 New option was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following is a sample output from the show processes cpu command: 


>enable 

#show processes cpu 

processes cpu 

System load: 7.07% Min:0.00% Max 85.89% 
Context switch load: 0.21% 


Task Task Invoked Exec Time Runtime Load% 
Name PRI STAT (count) (usec) (usec) (1 sec) 

0 Idle OW 129689 1971 927923 92.79 

1 FrontPanel 249 W 9658 165 3202 0.32 

3 Stack Usage 11 W 485 305 325 0.03 

4 Q Test 1 10 W 50 4 0 0.00 

5 Q Test 2 11 W 50 6 0 0.00 

... IC. 
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show gos 


Use the show qos command to display information regarding quality of service (QoS) and 802. 1p class of 
service (CoS) settings. Variations of this command include: 


show qos cos-map 

show qos dscp-cos 

show qos interface </nterface> 
show qos queuing 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





cos-map Displays the CoS priority-to-queue map. The map outlines which CoS 
priority is associated with which queue. 

dscp-cos Displays the differentiated services code point (DSCP) to CoS map 
settings. 

interface <interface> Displays the configured values for default CoS and trust settings on a 


specific interface. Specify an interface in the format <interface type [slot/port 
| slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type show qos interface ? for a complete list of valid 
interfaces. 


queuing Displays the type of queuing being used. If weighted round robin (WRR) 
queuing is enabled, the command also displays the weight of each queue. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 7.1 Command was expanded to include the dscp-cos option. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is sample output from the show qos cos-map command: 


>enable 

#show qos cos-map 

CoS Priority:01234567 
Priority Queue: 11223344 


The following is sample output from the show qos interface command for Ethernet 0/8 interface: 


>enable 

#show qos interface ethernet 0/8 
Ethernet 0/8 

trust state: trusted 

default CoS: 0 


The following is sample output from the show qos queuing command with WRR queuing enabled: 


>enable 

#show qos queuing 
Queue-type: wrr 
Expedite queue: disabled 
wrr weights: 

qid - weight 

1-12 

2-45 

3-55 

4-65 
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show qos map 


The show qos map command outputs information about the quality of service (QoS) map. This 
information differs based on how a particular map entry is defined. Variations of this command include the 
following: 


show qos map 

show qos map <name> 

show qos map <name> <number> 
show qos map interface <interface> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Optional. Specifies the name of a defined QoS map. 
<number> Optional. Specifies one of the map’s defined sequence numbers. 
interface <interface> Optional. Displays the QoS map information for a specific interface. Specify 


an interface in the format <interface type [slot/port | slot/port.subinterface id 
| interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
show qos map interface ? command for a complete list of interfaces. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 6.1 Command was introduced. 

Release 9.1 Command was expanded to include HDLC interface. 

Release 11.1 Demand interface was added. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following example shows all QoS maps and all entries in those maps: 


>enable 
#show qos map 
qos map priority 
map entry 10 
match IP packets with a precedence value of 6 
priority bandwidth: 400 (kilobits/sec) burst: default 
map entry 20 
match ACL icmp 
map entry 30 
match RTP packets on even destination ports between 16000 and 17000 
map entry 50 
match ACL tcp 
map entry 60 
match IP packets with a dscp value of 2 
set dscp value to 6 
map entry 70 
match NetBEUI frames being bridged by the router 
priority bandwidth: 150 (kilobits/sec) burst: default 
qos map tcp_map 
map entry 10 
match ACL tcp 
priority bandwidth: 10 (kilobits/sec) burst: default 
set precedence value to 5 
map entry 20 
match IP packets with a precedence value of 3 
priority bandwidth: 50 (kilobits/sec) burst: default 


The following example shows the QoS map named priority and all entries in that map: 


>enable 
#show qos map priority 
qos map priority 
map entry 10 
match IP packets with a precedence value of 6 
priority bandwidth: 400 (kilobits/sec) burst: default 
map entry 20 
match ACL icmp 
map entry 30 
match RTP packets on even destination ports between 16000 and 17000 
map entry 50 
match ACL tcp 
map entry 60 
match IP packets with a dscp value of 2 
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set dscp value to 6 

map entry 70 
match NetBEUI frames being bridged by the router 
priority bandwidth: 150 (kilobits/sec) burst: default 


The following example shows only QoS map named priority with the sequence number 10: 


>enable 
#show qos map priority 10 
qos map priority 
map entry 10 
match IP packets with a precedence value of 6 
priority bandwidth: 400 (kilobits/sec) burst: default 


The following examples show QoS map interface statistics associated with the applied map for the 
frame-relay 1 interface: 


>enable 
#show qos map interface frame-relay 1 
fr 1 
qos-policy out: priority 
map entry 10 
match IP packets with a precedence value of 6 
budget 145/10000 bytes (current/max) 
priority bandwidth: 400 (kilobits/sec) 
packets matched on interface: 27289 
packets dropped: 0 


map entry 20 
match IP packets with a DSCP value of af41 
class bandwidth: 40 (% of remaining) 
conversation: 235 
packets matched: 23457 
packets dropped: 0 
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show queue <interface> 


Use the show queue command to display conversation information associated with an interface queue. 
This command shows summary and per-conversation information. The per-conversation details are only 
displayed if the interface has sufficient traffic to be congested and packets are being held in the interface 
queue. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<interface> Displays the queueing information for the specified interface. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
the show queue ? command to display a list of valid interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 

Release 9.1 Command was expanded to include HDLC interface. 

Release 11.1 Demand interface was added. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is a sample output from the show queue command: 


>enable 
#show queue ethernet 0/2 
Queueing method: weighted fair 
Output queue: 4/222/540/64/1 76 (size/highest/max total/threshold/drops) 
Conversations 0/4/256 (active/max active/max total) 
Available Bandwidth 15000 kilobits/sec 


(depth/weight/matches/discards) 4/32768/32456/0 
Conversation 178, linktype: ip, length: 936 

source: 10.22.13.34, destination: 10.22.2.3, id: Oxddcé6, ttl: 127, 
TOS: 0 prot: 6 (tcp), source port 1086, destination port 20 
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show queuing 


Use the show queuing command to display information associated with configured queuing methods. 
Variations of this command include: 


show queuing 
show queuing fair 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





fair Optional. Displays only information on the weighted fair queuing 
configuration. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample output from the show queuing command: 


>enable 
#show queuing 
Interface Discard threshold Conversation subqueues 
fr 1 64 256 
fr2 64 256 
ppp 1 64 256 
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show radius statistics 


Use the show radius statistics command to display various statistics from the RADIUS subsystem. These 
statistics include number of packets sent, number of invalid responses, number of timeouts, average packet 
delay, and maximum packet delay. Statistics are shown for both authentication and accounting packets. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 


The following is an example output using the show radius statistics command: 


>enable 
#show radius statistics 

Auth. Acct. 
Number of packets sent: 3 0 
Number of invalid responses: 0 0 
Number of timeouts: 0 0 
Average delay: 2ms Oms 
Maximum delay: 3 ms Oms 
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show route-map 


Use the show route-map command to display any route maps that have been configured in the router. This 
command displays any match and set clauses associated with the route map, as well as the number of 
incoming routes that have matched each route map. Route maps can be used for BGP and PBR. Variations 
of this command include: 


show route-map 
show route-map <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Optional. Displays only the route map matching the specified name. 


Default Values 





By default, this command displays all defined route-maps. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





In the example below, all route-maps in the router are displayed. 


>enable 
#show route-map 
route-map RouteMap1, permit, sequence 10 
Match clauses: 

community (community-list filter): CommList1 
Set clauses: 

local-preference 250 
BGP Filtering matches: 75 routes 
Policy routing matches: 0 packets 0 bytes 
route-map RouteMap1, permit, sequence 20 
Match clauses: 

community (community-list filter): CommList2 
Set clauses: 

local-preference 350 
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BGP Filtering matches: 87 routes 
Policy routing matches: 0 packets 0 bytes 
route-map RouteMap2, permit, sequence 10 
Match clauses: 

ip address (access-lists): Acl1 
Set clauses: 

metric 100 
BGP Filtering matches: 10 routes 
Policy routing matches: 0 packets 0 bytes 
route-map RouteMap2, permit, sequence 20 
Match clauses: 

ip address (access-lists): Acl2 
Set clauses: 

metric 200 
BGP Filtering matches: 12 routes 
Policy routing matches: 0 packets 0 bytes 
route-map RouteMap3, permit, sequence 10 
Match clauses: 

length 150 200 
Set clauses: 

ip next-hop: 10.10.11.254 
BGP Filtering matches: 0 routes 
Policy routing matches: 0 packets 0 bytes 
route-map RouteMap3, permit, sequence 20 
Match clauses: 

ip address (access-lists): Acl3 
Set clauses: 

ip next-hop: 10.10.11.14 
BGP Filtering matches: 0 routes 
Policy routing matches: 144 packets 15190 bytes 


In the example below, only RouteMapz2 is displayed. 


>enable 
#show route-map RouteMap2 
route-map RouteMap2, permit, sequence 10 
Match clauses: 
ip address (access-lists): Acl1 
Set clauses: 
metric 100 
BGP Filtering matches: 10 routes 
Policy routing matches: 0 packets 0 bytes 
route-map RouteMap2, permit, sequence 20 
Match clauses: 
ip address (access-lists): Acl2 
etc. 
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show rtp resources 


Use the show rtp resources command to display Realtime Transfer Protocol (RTP) resource information. 
Variations of this command include: 


show rtp resources 
show rtp resources debug 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





debug Activates the RTP resources event debug messages. 


Default Values 





No default value necessary for this command. 


Command History 


Release 10.1 Command was introduced. 
Release 14.1 Command was expanded to include more options. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output for the show rtp resources command: 


>enable 
#show rtp resources 
DSP Channel Type Port Status 


0/1 1 RTP N/A Available 
0/1 2 RTP N/A Available 
0/1 3 RTP N/A Available 
0/1 4 RTP N/A Available 
0/1 5 RTP N/A Available 
0/1 6 RTP N/A Available 
0/1 7 RTP N/A Available 
0/1 8 RTP N/A Available 
0/1 9 RTP N/A Available 
0/1 10 RTP N/A Available 
etc. 
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show running-config 


Use the show running-config command to display all the nondefault parameters contained in the current 
running configuration file. Specific portions of the running configuration may be displayed, based on the 
command entered. Variations of this command include the following: 


show running-config 

show running-config access-lists 

show running-config access-lists verbose 
show running-config checksum 

show running-config interface <interface> 

show running-config interface <interface> verbose 
show running-config ip-crypto 

show running-config ip-crypto verbose 

show running-config ip rtp 

show running-config ip rtp verbose 

show running-config ip sdp 

show running-config ip sdp verbose 

show running-config ip sip 

show running-config ip sip verbose 

show running-config ip urlfilter 

show running-config policy-class 

show running-config policy-class verbose 
show running-config probe 

show running-config probe verbose 

show running-config qos-map 

show running-config qos-map verbose 

show running-config quality-monitoring 

show running-config quality-monitoring verbose 
show running-config router bgp 

show running-config router pim-sparse 

show running-config router pim-sparse verbose 
show running-config track 

show running-config track verbose 

show running-config verbose 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines after. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 
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Syntax Description 





access-lists 


checksum 


interface <interface> 


ip-crypto 


ip rtp 


ip sdp 


ip sip 


ip urlfilter 


policy-class 


probe 
qos-map 


quality-monitoring 


router bgp 
router pim-sparse 


track 
verbose 


Default Values 


Displays the current running configuration for all configured IP access 
control lists (ACLs). 


Displays the encrypted message digest 5 (MD5) version of the running 
configuration. 


Displays the current running configuration for a particular interface. Specify 
an interface in the format <interface type [slot/port | slot/port.subinterface id 
| interface id | interface id.subinterface id | ap | ap/radio | ap/radio. vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
show running-config interface? for a complete list of valid interfaces. 


Displays the current running configuration for all IPSec virtual private 
network (VPN) settings. 


Displays the current running configuration for all IP Realtime Transport 
Protocol (RTP) parameters. 


Displays the current running configuration for all Session Description 
Protocol (SDP) parameters. 


Displays the current running configuration for all IP Session Initiation 
Protocol (SIP) parameters. 


Displays the current running configuration for all IP uniform resource locator 
(URL) filters. 


Displays the current running configuration for all configured IP policy 
classes. 


Displays the current configuration for all running probes. 


Displays the current running configuration for all configured quality of 
service (QoS) maps. 

Displays the current running configuration for voice quality monitoring 
(VQM). 

Displays the current Border Gateway Protocol (BGP) configuration. 


Displays the current global protocol independent multicast-sparse mode 
(PIM-SM) configuration. 


Displays the current running configuration for all tracks. 


Optional. Displays the entire running configuration to the terminal screen 
(versus only the nondefault values). 





No default value necessary for this command. 
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Command History 





Release 1.1 Command was introduced. 

Release 9.1 Command was expanded to include HDLC and tunnel interfaces. 

Release 11.1 Demand, FXO, and serial interfaces were added. The ip-crypto and router 
pim-sparse keywords were added. 

Release 13.1 Command was expanded to include ip rtp, ip sdp, probe and track 
subcommands+. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include and 


the ip urlfilter and quality-monitoring keywords. 
Release A1 Command was introduced in the AOS voice products. 


Usage Examples 





The following is a sample output from the show running-config command: 


>enable 

#show running-config 

Building configuration... 

| 

no enable password 

| 

ip subnet-zero 

ip classless 

ip routing 

| 

event-history on 

no logging forwarding 

logging forwarding priority-level info 
no logging email 

| 

ip policy-timeout tcp all-ports 600 
ip policy-timeout udp all-ports 60 
ip policy-timeout icmp 60 

| 

interface eth 0/1........ 
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show running-config voice 


Use the show running-config voice command to show running voice configurations. Variations of this 


command include the following: 


show running-config voice 

show running-config voice ani 

show running-config voice ani verbose 

show running-config voice autoattendant 

show running-config voice autoattendant verbose 
show running-config voice class-of-service 

show running-config voice class-of-service verbose 
show running-config voice class-of-service <name> 
show running-config voice class-of-service <name> verbose 
show running-config voice directory 

show running-config voice directory verbose 

show running-config voice grouped-trunk 

show running-config voice grouped-trunk verbose 
show running-config voice grouped-trunk <name> 
show running-config voice grouped-trunk <name> verbose 
show running-config voice line 

show running-config voice line verbose 

show running-config voice line <number> 

show running-config voice line <number> verbose 
show running-config voice mail 

show running-config voice mail verbose 

show running-config voice operator-group 

show running-config voice operator-group verbose 
show running-config voice ring-group 

show running-config voice ring-group verbose 
show running-config voice ring-group <name> 
show running-config voice ring-group <name> verbose 
show running-config voice speed-dial 

show running-config voice speed-dial verbose 
show running-config voice status-group 

show running-config voice status-group verbose 
show running-config voice status-group <name> 
show running-config voice status-group <name> verbose 
show running-config voice trunk 

show running-config voice trunk verbose 

show running-config voice trunk <7xx> 

show running-config voice trunk <7xx> verbose 
show running-config voice user 

show running-config voice user verbose 

show running-config voice user <number> 

show running-config voice user <number> verbose 
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show running-config voice verbose 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





ani Optional. Displays ANI substitution configurations. 

autoattendant Optional. Displays autoattendant configuration. 

class-of-service Optional. Displays all voice class of service (CoS) configurations. 

class-of-service <name> Optional. Displays voice CoS configurations for the specified rule set. 

directory Optional. Displays voice directory configuration. 

grouped-trunk Optional. Displays all voice trunk group configurations. 

grouped-trunk <name> Optional. Displays voice trunk group configurations for the specified trunk. 

line Optional. Displays the voice line configuration. 

line <number> Optional. Displays the voice line configuration for a specified extension. 

mail Optional. Displays voice mail configuration. 

operator-group Optional. Displays operator group configuration. 

ring-group Optional. Displays all configured ring groups. 

ring-group <name> Optional. Displays ring group configurations for the specified ring group. 

speed-dial Optional. Displays all entries for soeed-dial entries. 

status-group Optional. Displays all status group information. 

status-group <name> Optional. Displays information on the specified status-group. 

trunk Optional. Displays all voice trunk configurations. 

trunk <Txx> Optional. Displays voice trunk configurations for the specified trunk. Use 
the trunk's 2-digit identifier following T (for example, T99). 

user Optional. Displays all configured voice users. 

user <number> Optional. Displays voice user configurations for the specified user. 

verbose Optional. Displays detailed information on all or on the specified voice 


running configurations. 


Default Values 





No default necessary for this command. 
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Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command was expanded. 
Release 13.1 Command was expanded. 
Release 14.1 Command was expanded. 
Release 15.1 Command was expanded. 
Release 16.1 Command was expanded. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show running-config voice command: 


>enable 

#show voice running-config voice 
Building configuration... 

| 

voice hold-reminder 15 

voice flashhook mode interpreted 

| 

voice dial-plan 1 local 8000 

| 

voice class-of-service sett 
billing-codes 

| 

voice class-of-service set2 

| 

voice class-of-service “set 1" 

| 

voice codec-list trunk 

default 

codec g711ulaw 

codec g/29 

| 

voice codec-list “list 1" 

| 

voice codec-list list1 

| 

voice trunk T99 type t1-rbs supervision wink role network 
| 

voice trunk T01 type sip 

| 

voice trunk T07 type t1-rbs supervision wink role network 
| 

voice trunk T02 type t1-rbs supervision wink role network 
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voice trunk T03 type t1-rbs supervision wink role network 
| 


voice trunk T12 type sip 

| 

voice grouped-trunk TEST 

no description 

reject IOOXXXXXXX 

| 

voice grouped-trunk TESTGROUP 
no description 
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show schedule 


Use the show schedule command to display information regarding the schedule configuration. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





There are no subcommands for this command. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 15.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample from the show schedule command: 


>enable 

#show schedule 

Schedule entry: DELAY-AFTER-BOOT (active) 
Schedule entry: DELAY (inactive) 


Technology Review 





The scheduler provides a method for configuring a feature to operate during a specific time schedule and 
to receive feedback when the feature should disable or enable. The goal of the scheduler is to eliminate 
redundant code while providing an understandable, streamlined application program interface (API) for 
rapid feature development with schedules. The show schedule command displays how many features are 
scheduled and whether they are active or inactive. 
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show sip location 


Use the show sip location command to display Session Initiation Protocol (SIP) statistical and registration 
information. Variations of this command include: 


show sip location 
show sip location dynamic 
show sip location static 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





dynamic Optional. Displays SIP location database dynamic entries. 
static Optional. Displays SIP location database static entries. 


Default Values 





No default necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 12.1 Command output was updated. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show sip location static command: 


>enable 

#show sip location static 

User IP Address Port Expires Source 
9001 1.1.1.2 5060 52 Registrar 


9002 10.10.10.2 5060 3336 Registrar 
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show sip 


Use the show sip command to display Session Initiation Protocol (SIP) statistical and registration 
information. Variations of this command include: 


show sip name-service name-table 
show sip resources 

show sip statistics 

show sip user-registration 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





name-service name-table Displays SIP name service information in the name table. 


resources Displays SIP server resource information. 
statistics Displays SIP server statistic information. 
user-registration Displays local SIP server registration information. 


Default Values 


No default necessary for this command. 


Command History 





Release 9.3 Command was introduced. 

Release 11.1 Resources, statistics, and user-registration options were added. 
Release 15.1 Name-service name-table option added. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 

The following example shows sample output from the show sip statistics command: 
>enable 

#show sip statistics 


Invites transmitted: 36 
Invites received: 26 


Invite Retransmits transmitted: 11 
Invite Retransmits received: 0 
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Non-Invites transmitted: 1869 
Non-Invites received: 1911 


Non-Invite Retransmits transmitted: 12 
Non-Invite Retransmits received: 41 


Responses transmitted: 1982 
Responses received: 3535 


Response Retransmits transmitted: 45 
Response Retransmits received: 0 
The following example shows sample output from the show sip user-registration command: 


>enable 
#show sip user-registration 


EXT. TYPE IP ADDRESS PORT EXP 
9001 SIP - Generic 1.1.1.2 5060 25 
9002 SIP - Generic 10.10.10.2 5060 3419 


Total phones registered: 2 


Technology Review 





SIP name service maintains a list of service names relevant to SIP transactions while also facilitating 
access between SIP-related queries to the external domain name service (DNS) and the internal DNS 
client. Service names are automatically entered and deleted from the internal service name table when 
configured or not configured for SIP-related subsystems. The SIP name service begins polling external 
DNS servers for recently added service names to preemptively resolve service names before they are 
deleted. Using the show sip name-service name-table command will show the status of added service 
names. 
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show sip proxy 


Use the show sip proxy command to display Session Initiation Protocol (SIP) proxy statistical and 
registration information. Variations of this command include: 


show sip proxy resources 

show sip proxy resources realtime 
show sip proxy user 

show sip proxy user realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 


Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 


resources Displays SIP proxy resource information. 
user Displays SIP proxy user database information. 
realtime Optional. Displays SIP proxy information in real time. Refer to the 


Functional Notes below for more information. 


Default Values 


No default necessary for this command. 


Command History 





Release 16.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following example shows sample output from the show sip proxy resources command: 


>enable 
#show sip proxy resources 


Type Name Allocated Currently in Use Max Used 


Proxy proxyPoolElements 630 0 0 
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show sip trunk-registration 


Use the show sip trunk-registration command to display Session Initiation Protocol (SIP) statistical and 
registration information. Variations of this command include the following: 


show sip trunk-registration 

show sip trunk-registration realtime 

show sip trunk-registration <7xx> 

show sip trunk-registration <7xx> realtime 

show sip trunk-registration <Txx> <name> 

show sip trunk-registration <7xx> <name> realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 





Syntax Description 





<Txx> Optional. Specifies the trunk identity; where xx is the trunk’s two-digit 
identifier (e.g., T01). 

<name> Optional. Specifies the name associated with the trunk. 

realtime Optional. Displays local SIP client registration information in real time. Refer 


to the Functional Notes below for more information. 


Default Values 





No default necessary for this command. 


Command History 


Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following example shows sample output from the show sip trunk-registration command: 


>enable 
#show sip trunk-registration 


Ext Register Expire Grant Success Redirect Challenge Failed Timeout 


4433 NO 0 0 0 0 0 0 # 
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show snmp 


Use the show snmp command to display the system Simple Network Management Protocol (SNMP) 
current configuration. Variations of this command include the following: 


show snmp enginelD 
show snmp group 
show snmp user 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





enginelD Displays the hex string that defines the current local engine ID settings. 
group Displays the list of all groups entered. 
user Displays the list of all users entered. 


Default Values 





No default is necessary for this command. 


Command History 





Release 1.1 Command was introduced. 

Release 13.1 Command was expanded to include the enginelD, group, and user 
options. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output using the show snmp command for a system with SNMP disabled, and the 
default chassis and contact parameters: 


>enable 
#show snmp 
Chassis: Chassis ID 
Contact: Customer Service 
0 Rx SNMP packets 
0 Bad community names 
0 Bad community uses 
0 Bad versions 
0 Silent drops 
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The following is sample output of the show snmp group command for a situation in which a group called 
securityV3auth was defined (via the snmp-server group commana) using version 3 and authentication, 
and no access control list: 


>enable 

#show snmp group 

Group: securityV3auth Security Model: v3 

Read View: default Write View: <not specified> 


Notify View: default 
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show sntp 


Use the show sntp command to display the system Simple Network Time Protocol (SNTP) parameters and 
current status of SNTP communications. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays the SNTP parameters and current status: 


>enable 
#show sntp 
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show spanning-tree 


Use the show spanning-tree command to display the status of the spanning-tree protocol. Variations of 
this command include: 


show spanning-tree 

show spanning-tree <number> 

show spanning-tree realtime 

show spanning-tree <number> realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 


Using the realtime argument for this command may adversely affect system performance 
and should be used with discretion. 








Syntax Description 


<number> Optional. Displays spanning-tree for a specific bridge group. This command is 
only applicable to routers configured for bridging. 


realtime Optional. Displays full-screen spanning tree information in real time. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 10.1 Command was expanded to include the realtime option. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following is an example output using the show spanning-tree command: 


>enable 
#show spanning-tree 
Spanning Tree enabled protocol ieee 
Root ID Priority 32768 
Address  00:a0:c8:00:88:41 
We are the root of the spanning tree 
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 
Bridge ID Priority 32768 
Address  00:a0:c8:00:88:41 
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 
Aging Time 300 


Interface Role Sts Cost Prio. Nbr. Type 
eth 0/2 Desg FWD 19 128.2 P2p 
eth 0/3 Desg FWD 19 128.3 P2p 
eth 0/4 Desg FWD 19 128.4 P2p 
giga-eth 0/1 Desg FWD 4 128.25 P2p 
giga-eth 0/2 Desg FWD 4 128.26 P2p 
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show spanning-tree active 


Use the show spanning-tree active command to display the spanning-tree status on active interfaces only. 
Variations of this command include: 


show spanning-tree active 
show spanning-tree active detail 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





detail Optional. Displays the spanning-tree protocol status in detail. 


Default Values 





No default value necessary for this command. 


Command History 


Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is an example output using the show spanning-tree active command: 


>enable 
#show spanning-tree active 
Spanning Tree enabled protocol ieee 
Root ID Priority 32768 
Address 00:a0:c8:00:88:41 
We are the root of the spanning tree 
Hello Time 2sec Max Age 20 sec Forward Delay 15 sec 
Bridge ID Priority 32768 
Address _00:a0:c8:00:88:41 
Hello Time 2sec Max Age 20 sec Forward Delay 15 sec 
Aging Time 300 
eth 0/9 Desg FWD 19 128.9 P2p 
eth 0/24 Desg FWD 19 128.24 P2p 
Interface Role Sts Cost Prio. Nor. Type 
eth 0/2 Desg FWD 19 128.2 P2p 
eth 0/3 Desg FWD 19 128.3 P2p 
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show spanning-tree blockedports 


Use the show spanning-tree blockedports command to display ports that are currently in a blocked state. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is an example output using the show spanning-tree blockedports command: 


>enable 

#show spanning-tree blockedports 

Blocked Interfaces List 

eth 0/3 

giga-eth 0/2 

p-chan 1 

Number of blocked ports (segments) in the system: 3 
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show spanning-tree interface </nterface> 


Use the show spanning-tree interface command to display spanning-tree protocol information for a 
particular interface. Variations of this command include: 


show spanning-tree interface <interface> 

show spanning-tree interface <interface> active 
show spanning-tree interface <interface> active detail 
show spanning-tree interface <interface> cost 

show spanning-tree interface <interface> edgeport 
show spanning-tree interface <interface> priority 
show spanning-tree interface <interface> rootcost 
show spanning-tree interface <interface> state 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





<interface> Specifies an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
dot11ap 1/1.1. Type show spanning-tree interface ? for a complete list of 
valid interfaces. 


active Optional. Displays information for an active interface. 

active detail Optional. Displays detailed spanning-tree protocol information for an active 
interface. 

cost Optional. Displays only spanning-tree protocol path cost information. 

edgeport Optional. Displays information for all interfaces configured as edgeports. 

priority Optional. Displays only spanning-tree protocol priority information. 

rootcost Optional. Displays only spanning-tree protocol root path cost information. 

state Optional. Displays only spanning-tree protocol state information. 


Default Values 





No default value necessary for this command. 
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Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is an example output using the show spanning-tree interface ethernet command: 


>enable 

#show spanning-tree interface ethernet 0/2 

Interface Role Sts Cost Prio. Nbr. Type 
eth 0/2 Desg LIS 19 128.2 P2p 
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show spanning-tree pathcost method 


Use the show spanning-tree pathcost method command to display the default pathcost method being 
used. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output using the show spanning-tree pathcost method command. In this case, 
32-bit values are being used when calculating path costs: 


>enable 
#show spanning-tree pathcost method 
Spanning tree default pathcost method used is long 
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show spanning-tree root 


Use the show spanning-tree root command to display information regarding the spanning-tree protocol 
root. Variations of this command include: 


show spanning-tree root 

show spanning-tree root address 
show spanning-tree root cost 

show spanning-tree root detail 

show spanning-tree root forward-time 
show spanning-tree root hello-time 
show spanning-tree root id 

show spanning-tree root max-age 
show spanning-tree root port 

show spanning-tree root priority 
show spanning-tree root priority system-id 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘oe excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





address Optional. Displays the address of the spanning-tree root. 

cost Optional. Displays the path cost of the spanning-tree root. 

detail Optional. Displays the spanning-tree root information in detail. 
forward-time Optional. Displays the forward-time of the spanning-tree root. 
hello-time Optional. Displays the hello-time of the spanning-tree root. 

id Optional. Displays the ID of the spanning-tree root. 

max-age Optional. Displays the maximum age of the spanning-tree root. 

port Optional. Displays the port of the spanning-tree root. 

priority Optional. Displays the priority of the spanning-tree root. 

priority system-id Optional. Displays the priority and system-id of the spanning-tree root. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Usage Examples 





The following is an example output using the show spanning-tree root command: 


>enable 

#show spanning-tree root 

Root ID Root Cost Hello Time Max Age FwdDly _ Root Port 
8191 00:a0:c8:b9:bb:82 108 2 20 15 eth 0/1 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 521 


Command Reference Guide Enable Mode Command Set 





show stack 


Use the show stack command to view the status of all the switches configured for stacking. Displays the 
mode of the switch as either master or member. If the mode is master, this command also gives the status 
of the stack members. Variations of this command include: 


show stack 

show stack candidates 

show stack candidates realtime 
show stack realtime 

show stack topology 

show stack topology realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








oe Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 





candidates Optional. Displays all units that have registered with this stack master. This 
option is only available on a switch configured as a stack master. 


topology Optional. Displays the stack topology. This option is only available on a 
switch configured as a stack master. 


realtime Optional. Displays full-screen output in real time. Refer to Functional Notes 
below for more information. 


Default Values 


No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 10.1 The real time display option was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Functional Notes 





The stack candidates are a list of units that could be added to the stack. They are not yet members. 


Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following example displays the configuration of the switch stack while in stack-master mode: 


>enable 

#show stack 

Stack mode is MASTER 

Management Vlan is 2386, firmware version is 08.00.18.D 
Stack network is 169.254.0.0/24 


Stack members... 


Member Mac Address Mgmt IP Address Source Interface State 

2 00:A0:C8:02:CF:CO 169.254.0.2 Stack port Up 

3 00:A0:C8:00:8C:20 169.254.0.3 Stack port Up 

# 

Member Specifies the stack member's Unit ID. 

Mac Address Specifies the stack member's MAC address. 

Mgmt IP Address Specifies the stack member's IP address. 

Source Interface Specifies the interface that the stack member was learned from. 

State Specifies the stack member’s state: Up (member is up and functioning 


properly); Down (member was at one time functioning, but contact has 
been lost); Waiting (waiting for the unit to register; when registered, it will 
be added to the stack); Denied (the unit could not be added to the stack 
because the stack protocol versions were not compatible). 


The following example displays the configuration of the switch stack while in stack-member mode: 


>enable 

#show stack 

Stack mode is STACK-MEMBER 

My Unit ID is 3, management Vlan is 2386 

Stack management network is 169.254.0.0/24 

Stack Master info: 

Master is “Switch”, learned via giga-eth 0/1 

IP address is 169.254.0.1, MAC address is 00:DE:AD:00:65:83 
# 
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The following example displays all units that have registered with this stack-master: 


>enable 
#show stack candidates 
Displaying all known Stack candidates... 


MAC Address System Name Source Interface AOS Revision 
00:A0:C8:00:8C:20 LabSwitch1 stack port 08.00.18 
00:A0:C8:00:F5:6C LabSwitch2 stack port 08.00.19.D 
00:A0:C8:02:CF:CO LabSwitch3 stack port 08.00.20.D 

# 
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show startup-config 


Use the show startup-config command to display a text printout of the startup configuration file stored in 
nonvolitile random access memory (NVRAM). Variations of this command include: 


show startup-config 
show startup-config checksum 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





checksum Displays the message digest 5 (MD5) checksum of the unit’s startup 
configuration. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





This command is used in conjunction with the show running-config checksum command to determine 
whether the configuration has changed since the last time it was saved. 


Usage Examples 





The following is a sample output of the show startup-config command: 


>enable 

#show startup-config 
| 

| 

no enable password 

| 

ip subnet-zero 

ip classless 

ip routing 

| 
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event-history on 

no logging forwarding 

logging forwarding priority-level info 
no logging email 

| 

ip policy-timeout tcp all-ports 600 

ip policy-timeout udp all-ports 60 

ip policy-timeout icmp 60 

| 


| 

| 
interface eth 0/1 
speed auto 

no ip address 

shutdown 

| 
interface dds 1/1 

shutdown 

| 
interface bri 1/2 

shutdown 

| 

| 
ip access-list standard MatchAll 
permit host 10.3.50.6 

permit 10.200.5.0 0.0.0.255 
| 
| 
ip access-list extended UnTrusted 
deny icmp 10.5.60.0 0.0.0.255 any source-quench 
deny tcp any any 
| 
no ip snmp agent 
| 
| 
| 
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show system 


The show system command shows the system version, timing source, power source, and alarm relay 
status. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output for the show system command: 


>enable 

#show system 

ADTRAN, Inc. OS version 07.00.20 

Checksum: 3B2FCCOF, built on Tue Jun 01 13:36:36 2004 
Boot ROM version 07.00.20 

Checksum: 604D, built on: Tue Jun 01 13:59:11 2004 
Copyright (c) 1999-2004, ADTRAN, Inc. 

Platform: Total Access 900 

Serial number TechPub 

Flash: 8388608 bytes DRAM: 33554431 bytes 

ICP uptime is 0 days, 0 hours, 53 minutes, 50 seconds 
System returned to ROM by External Hard Reset 
Current system image file is “O70020.biz” 

Boot system image file is “O70020.biz” 

Power Source: AC 

Primary System clock source config: t1 0/1 

Secondary System clock source config: t1 0/1 

Active System clock source: t1 0/1 
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show tacacs+ statistics 


Use the show tacacs+ statistics command to display terminal access controller access control system 
(TACACS-+) client statistics. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output for the show tacacs+ statistics command: 


>enable 
#show tacacs+ statistics 
Authentication Authorization Accounting 


Packets sent: 0 0 0 
Invalid responses: 0 0 0 
Timeouts: 0 0 0 
Average delay: Oms Oms Oms 
Maximum delay: Oms Oms Oms 
Socket Opens: 0 

Socket Closes: 0 

Socket Aborts: 0 

Socket Errors: 0 

Socket Timeouts: 0 

Socket Failed Connections: 0 

Socket Packets Sent: 0 

Socket Packets Received: 0 
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show tcp info 


Use the show tcp info command to display Transmission Control Protocol (TCP) control block 
information in AOS. This information is for troubleshooting and debug purposes only. For more detailed 
information, you can optionally specify a particular TCP control block. When a particular TCP control 
block is specified, the system provides additional information regarding crypto map settings that the show 
tep info command does not display. Variations of this command include: 


show tcp info 

show tcp info realtime 

show tcp info <contro! block> 

show tcp info <contro! block> realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 





Syntax Description 





<control block> Optional. Specifies a particular TCP control block for more detailed information. 


realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 4.1 Command was introduced. 
Release 10.1 The real time display option was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 
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Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following is a sample from the show tcp info command: 


>enable 

#show tcp info 

TCP TCB Entries 

ID STATE LSTATE OSTATE TYPE FLAGS RPORT LPORT SWIN SRT INTERFACE 


0 FREE FREE FREE SRVR 0 0 0 0 0 NONE 
1 LISTEN FREE FREE CONN 0 0 21 0 0 NONE 
2 LISTEN FREE FREE CONN 0 0 80 0 0 NONE 
3 LISTEN FREE FREE CONN 0O 0 23 0 0 NONE 
4 LISTEN FREE FREE CONN 0 0 5761 0 0 NONE 
5 FREE FREE FREE SRVR_ 0 0 0 0 0 NONE 
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show tech 


Use the show tech command to save technical information to a file named showtech.txt. Variations of this 
command include: 


show tech 
show tech terminal 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





terminal Optional. Displays the showtech.txt file output to the terminal screen in real 
time. 


Default Values 





No default necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





The show tech command runs a script that creates a showtech.txt file in flash memory that contains the 
command output from the following show commands: 





‘one Not all listed show commands apply to all ADTRAN products. 





show version 

show modules 

show flash 

show cflash 

show running-config verbose 
show interfaces 

show atm pvc 

show dial-backup interfaces 
show frame-relay Imi 
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show frame-relay pvc 
show ip bgp neighbors 
show ip bgp summary 
show ip ospf neighbor 
show ip ospf summary-address 
show ip mroute 

show ip bridge 

show spanning-tree 
show ip interfaces 
show connections 
show arp 

show ip traffic 

show tcp info 

show ip protocols 
show ip route 

show ip access-lists 
show event-history 
show output-startup 
show processes cpu 
show buffers 

show buffers users 
show memory heap 
show debugging 


Usage Examples 


The following example creates a showtech.txt file and displays it to the terminal screen: 


>enable 

#show tech 

Opening and applying file..... 
Done. 
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show temperature 


Use the show temperature command to display the unit temperature. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 7.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output from the show temperature command: 


>enable 
#show temperature 


Temperature: 33 degrees C 
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show thresholds 


Use the show thresholds command to display thresholds currently crossed for all DS1 interfaces. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output of the show thresholds command. 


>enable 

#show thresholds 

t1 1/1: 
SEFS 15 min threshold exceeded 
UAS 15 min threshold exceeded 
SEFS 24 hr threshold exceeded 
UAS 24 hr threshold exceeded 

t1 1/2: 
No thresholds exceeded 
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show toneservices resources 


Use the show toneservices resources command to display digital signal processor (DSP) tone 
information. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is sample output for this command: 
>enable 
#show toneservices resources 


DSP Channel Type Port Status 


0/1 1 RTP N/A _ Available 
0/1 2 RTP N/A _ Available 
0/1 3 RTP N/A _ Available 
0/1 4 RTP N/A _ Available 
0/1 5 RTP N/A _ Available 
0/1 6 RTP N/A _ Available 
0/1 7 RTP N/A _ Available 
0/1 8 RTP N/A _ Available 
0/1 9 RTP N/A _ Available 
0/1 10 RTP N/A _ Available 
0/1 11 RTP N/A _ Available 
0/1 12 RTP N/A _ Available 
0/1 13 RTP N/A _ Available 
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show track 


Use the show track command to display track object configuration and statistics. Refer to Network 
Monitor Track Configuration Command Set on page 2185 for information on configuring track objects. 
Variations of this command include the following: 


show track 
show track <name> 
show track <name> realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 


Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 





<name> Optional. Displays information only for the track object specified. 


realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following is a sample output of the show track command: 


>enable 
#show track track_1 
Current State: PASS 
Dampening Interval: 30 seconds 
Test Value: probe_A (PASS) AND probe_B (FAIL) 
Track Changes: 3 
Time in current state: 25 days 2 hours, 34 minutes, 32 seconds 
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show udp info 


Use the show udp info command to display User Datagram Protocol (UDP) session information. 
Variations of this command include: 


show udp info 

show udp info realtime 

show udp info <number> 

show udp info <number> realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 


Wo Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 


<number> Optional. Specifies ID of session to display. Valid range is 0 to 31. 


realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 





No default necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 10.1 The real time display option was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following example shows sample output from the show udp info command: 


>enable 

#show udp info 

UDP Session Entries 

ID Local Port IP Address Socket 


2 520 0.0.0.0 1 
3 0 0.0.0.0 4 
4 161 0.0.0.0 5 
5 8 127.0.0.1 7 
6 10 0.0.0.0 11 
7 6 127.0.0.1 16 
8 4 127.0.0.1 17 
9 14 127.0.0.1 18 
10 12 127.0.0.1 19 
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show users 


Use the show users command to display the name (if any) and state of users authenticated by the system. 
Variations of this command include: 


show users 
show users realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 





Syntax Description 





realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 10.1 The real time display option was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Displayed information includes: 


* Connection location (for remote connections this includes Transmission Control Protocol (TCP) 
information) 

¢« User name of authenticated user 

* Current state of the login (in process or logged in) 

* Current enabled state 

« Time the user has been idle on the connection 


Usage Examples 





The following is a sample of show users output: 


>enable 

#show users 

- CONSOLE 0 'adtran' logged in and enabled 

Idle for 00:00:00 

- TELNET 0 (172.22.12.60:3998) 'password-only' logged in (not enabled) 
Idle for 00:00:14 

- FTP (172.22.12.60:3999) ‘adtran' logged in (not enabled) 

Idle for 00:00:03 
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show version 


Use the show version command to display the current ADTRAN operating system (AOS) version 
information. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following is a sample show version output: 


>enable 
#show version 


AOS version: 02.01.00 

Checksum: 1505165C Built on: Fri Aug 23 10:23:13 2002 
Upgrade key: 420987gacs9097gbdsado 

BootROM version: 02.01.00 

Checksum: DB85 Built on: Mon Aug 19 10:33:03 2002 
Copyright 1999-2002 ADTRAN Inc. 

Serial number b104 


Router uptime is 0 days 3 hours 9 minutes 54 seconds 
System returned to ROM by External Hard Reset 
System image file is “O20100.biz” 
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show vian 


Use the show vlan command to display current virtual local area network (VLAN) information. Variations 
of this command include: 


show vian 

show vlan brief 

show vlan brief realtime 

show vlan id <vian id> 

show vlan id <vian id> realtime 
show vlan name <name> 

show vian name <name> realtime 
show vian realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 


Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 


brief Optional. Shows an abbreviated version of the VLAN information (brief 
description). 
id <vian id> Optional. Shows information regarding a specific VLAN, specified by a VLAN 


interface ID (valid range: 1 to 4094). 


name <name> Optional. Shows information regarding a specific VLAN, specified by a VLAN 
interface name (up to 32 characters). 


realtime Optional. Displays full-screen output in real time. Refer to the Functional 
Notes below for more information. 


Default Values 





No default value necessary for this command. 
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Command History 





Release 5.1 Command was introduced. 

Release 10.1 The realtime display option was introduced. 

Release 15.1 The realtime display option was added to show vlan id and show vlan 
name. 

Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 


Usage Examples 





The following is a sample show vlan output: 


>enable 

#show vlan 

VLAN Name Status Ports 

- 1 Default active eth 0/5, eth 0/6, eth 0/8, eth 0/13, eth 0/14, eth 0/15, 
eth 0/16, eth 0/17, eth 0/18, eth 0/19, eth 0/20, 
eth 0/21, eth 0/22, eth 0/23, eth 0/24, giga-eth 0/1, 
giga-eth 0/2 

2 accounting active eth 0/1, eth 0/2 

3 VLANO003 active eth 0/3, eth 0/4, eth 0/7, eth 0/9, eth 0/10, eth 0/11, 
eth 0/12 

VLAN Type MTU 

- 4 enet 1500 

2 enet 1500 

3 
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The following is an example of the show vlan name command that displays VLAN 2 (accounting 
VLAN) information: 


>enable 
#show vlan name accounting 
VLAN Name Status Ports 
-2 accounting active eth 0/1, eth 0/2 
VLAN Type MTU 
=2 enet 1500 
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show voice alias 


Use the show voice alias command to display alias parameters. Aliases are used to mask identity settings, 
such as names and extensions. Variations of this command include: 


show voice alias 

show voice alias global 
show voice alias group 
show voice alias system 
show voice alias user 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





global Optional. Displays global aliases. 
group Optional. Displays group aliases. 
system Optional. Displays system aliases. 
user Optional. Displays user aliases. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show voice alias command: 


>enable 
#show voice alias 


MyAlias 4433 Global 


Total Displayed: 1 
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show voice ani 


Use the show voice ani command to display voice automatic number identification (ANI) substitution 
parameters. Variations of this command include: 


show voice ani 
show voice ani match <substitution> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





match <substitution> Optional. Displays a specific ANI substitution entry. 


Default Values 





No default value necessary for this command. 


Command History 


Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Examples and rules of use. 


MATCH # SUBST # 

1. 256-963-XXXX 9-963-XXXX 

2. NXX-NXX-XXXX 9-1-NXX-NXX-XXXX 
3. $ 9$ 


MATCH Number Rules - 

1. All “,” characters are ignored. 

2. All “[’ and “]’ brackets must match and contain numbers only [123]. 
3. If using a “$” wildcard, it is the only character allowed. 

4. “X” matches [0-9], “N” matches [2-9]. 
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Usage Examples 





The following example displays voice ANI information: 
>enable 
#show voice ani 


ani - match: 2323 
substitute: 5555 
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show voice available 


Use the show voice available command to list foreign exchange station (FXS) ports that are not associated 
with a user. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays FXS ports that are not associated with a user: 


>enable 
#show voice available 


Interface 


fxs 0/1 
fxs 0/2 
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show voice dial-plan 


Use the show voice dial-plan command to view number display templates. Variations of this command 
include: 


show voice dial-plan 
show voice dial-plan <number> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<number> Optional. Displays information about a specific number display template. 


Default Values 





No default value necessary for this command. 


Command History 


Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays information about number display template 1: 


>enable 

#show voice dial-plan 1 

Type ID Pattern 

Always Permitted 1 NXXNXXXXXX 
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show voice did 


Use the show voice did command to display direct inward dialing (DID) information. Variations of this 
command include: 


show voice did 

show voice did groups 
show voice did other 
show voice did users 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘tore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





groups Optional. Displays all DID entries for ring groups. 
other Optional. Displays all nonuser and nonring group DID entries. 
users Optional. Displays all DID entries for users. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 


The following example displays DID entries for ring groups: 


>enable 
#show voice did groups 
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show voice directory 


Use the show voice directory command to display direct inward dialing (DID) information. Variations of 
this command include: 


show voice directory 
show voice directory <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Optional. Specifies the name on the directory to display. Only extensions 
included in the specified directory will appear. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 14.1 Command was expanded. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays all extensions sorted by extension number: 


>enable 
#show voice directory 
Directory Name: SYSTEM 


User Name External Extension 
John Smith 5006 
Jane Doe 5005 


Directory Name: Engineering 
User Name External Extension 


John Doe Yes 5551212 
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show voice door-phone 


Use the show voice door-phone command to display the door phone account settings. A door phone is 
used to communicate with visitors prior to them entering an establishment. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show voice door-phone command: 


>enable 
#show voice door-phone 


First Last Ext Interface Description 


Front Door 4430 virtual Front Door of Building 
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show voice extensions 


Use the show voice extensions command to display all of the current voice extensions and their status. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays all extensions and the status of the extension: 
>enable 
#show voice directory extension 


AccountID Idle/Ring/Busy Available DND FWD 


T01 Idle * - - 
T06 Idle * - 7 
T02 Idle 7 7 : 
5200 Idle * 7 7 
6000 Idle * 5 5 
6001 Idle i = ss 
6002 Idle * = S 
6003 Idle i S = 
T03 Idle * 7 7 
2 Idle * 7 
1234 Idle * - - 
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show voice grouped-trunk 


Use the show voice grouped-trunk command to display all voice trunk groups. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays all voice trunk groups: 


>enable 
#show voice trunked-group 


Name Resource-Selection Description 
SIP linear SIP trunk 
DSX linear DSX trunk 
DXS linear DXS trunk 
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show voice line 
Use the show voice line command to display voice line stations. Variations of this command include: 


show voice line 
show voice line <station> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<Sstation> Optional. Displays a specific voice line station name or extension on the 
system base on the valid voice line descriptors entered into the system. 


Default Values 





No default value necessary for this command. 


Command History 


Release 15.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show voice line command: 


>enable 

#show voice line 

Line: 4444 

Trunk: not configured 
Registered Endpoints: 0 
Call State: IDLE 

Active Endpoints: N/A 
DSP Resource: N/A 


Line: Sales 

Trunk: not configured 
Registered Endpoints: 0 
Call state: IDLE 

Active Endpoint: N/A 
DSP Resource: N/A 
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show voice loopback calls 


Use the show voice loopback calls command to display the status of the loopback call(s). 


The output of all show commands can be limited by appending the following modifiers to 

the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 

include modifier limits output to lines that contain the specified text, the exclude modifier 
‘one excludes any lines with the specified text, and the begin modifier displays the first line of 

output with the specified text and all lines thereafter. 

For specific instructions and examples regarding these modifiers, refer to the Enable 

Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release A1 Command was introduced. 


Usage Examples 





The following example displays all voice loopback calls: 


>enable 

#show voice loopback calls 

ID Extension Codec Status Number Duration 

wanna nn nn nnn nnn nnn nnn nnn nnn nnn nnn nnn nnn nnn nn nnn nnn nn a nan ne ne nen nn nnn nena nnn nnn ee (hour:min:sec) 
1 1123 <ENDED (invalid number) -> 8837655 :01 

2 1123 Calling -> 4001 :05 

3 1123 <ENDED (no appearances) <- 4001 :01 

4 1123 G729 Connected -> 4001 07 
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show voice mail 


Use the show voice mail command to display voice mail information for the system or a specific user. 
Variations of this command include: 


show voice mail 
show voice mail <number> 
show voice mail notify-schedule <number> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<number> Optional. Displays voice mail information for the specified user’s extension. 


notify-schedule <number> Optional. Displays the voice mail notification schedule for the specified 
user’s extension. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show voice mail command: 


>enable 
#show voice mail 
New Num Total Time Total Time Greeting 


AccountID VM COS Msg Msg Used Free Time 

1000 - - 00:00:00 00:00:00 00:00 
2000 - - 00:00:00 00:00:00 00:00 
200 normal_voicemail 38 38 00:09:54 00:00:06 00:02 
2002 normal_voicemail 40 40 00:09:49 00:00:11 00:02 
2003 normal_voicemail 39 39 00:09:54 00:00:06 00:02 
2004 normal_voicemail 35 35 00:09:55 00:00:05 00:01 
2005 normal_voicemail 20 20 00:09:28 00:00:32 00:01 
2006 normal_voicemail 41 41 00:09:54 00:00:06 00:02 
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2015 normal_voicemail 42 42 00:09:57 00:00:03 00:01 
2016 executive_voi... 74 «74 00:18:11 00:11:49 00:02 
2017 executive_voi... 75 = 75 00:11:03 00:18:57 00:01 
2018 normal_voicemail 34 34 00:09:38 00:00:22 00:01 
2019 normal_voicemail 35 35 00:09:42 00:00:18 00:01 
2020 executive_voi... 73 O78 00:20:41 00:09:19 00:01 
0 - - 00:00:00 00:00:00 00:00 


The following is sample output for the show voice mail <number> command for extension 2017: 


>enable 
#show voice mail 2017 


Voicemail information for account: ?:5T 


VM Class of Service: executive_voicemail 

Standard Greeting: 00:09 Total Voicemail Usage: 00:11:04 
Alternate Greeting: 00:10 Total Voicemail Free: 00:18:56 
Recorded Name: 00:01 


Message 1 of 75 
Time/Date: 00:28:16 CST Sun Feb 07 2106 
Calling Party: UNKNOWN (UNKNOWN) 
Length: 00:00 
Status: Old 


The following is sample output for the show voice mail notify-schedule <number> command for 


extension 2017: 


>enable 
#show voice mail notify-schedule 2017 


Start End Email1 Email2 
Sun 12:00 am Mon 7:59 am = cae 
Mon 8:00 am Thu 11:59 pm Yes n--- 
Fri 12:00 am Sat 11:59 pm n--- oe 
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show voice operator-group 


Use the show voice operator-group command to display all operator groups. 








The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 14.1 Command was introduced. 


Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays all operator groups: 


>enable 

#show voice operator-group 
Operator-group:0 = Call distribution type: all 
Number of calls allowed: 1 

Number of rings before coverage: 4 


Extension Firstname Lastname Logged In 


2001 John Smith 7 


Order # of Rings Call Coverage Action 


1 0 Auto Attendant 
2 2 None 
3 2 None 
4 2 None 
5 2 None 
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show voice phone-files 


Use the show voice phone-files command to display files required for Session Initiation Protocol (SIP) 
phone configuration. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show voice phone-files command: 


>enable 
#show voice phone-files 


03/02/2006 16:03 PM 216 0004f203f69c.cfg 
03/02/2006 16:03 PM 687 5001-0004f203f69c.cfg 
03/02/2006 16:03 PM 216 0004f203b0d6.cfg 
03/14/2006 16:03 PM 306 polycom.cfg 

7 File(s) 132516 bytes 

0 Dir(s) 0 bytes 


21019575 bytes used, 9720360 available, 30739935 total 
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show voice quality-stats 


Use the show voice quality-stats command to display voice quality statistical information. Variations of 
this command include the following: 


show voice quality-stats 

show voice quality-stats active 

show voice quality-stats active realtime 
show voice quality-stats </D> 

show voice quality-stats </D> realtime 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘nore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Wor Using the realtime argument for this command can adversely affect the performance of 
your unit. 








Syntax Description 





active Displays all quality statistics for active calls. 
<ID> Specifies an identity number of a call to obtain detailed statistics. 
realtime Optional. Displays full-screen output in real time. Refer to the Functional 


Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Use the realtime argument for this command to display full-screen output in real time. Information is 
continuously updated on the console until you either freeze the data (by pressing the F key) or exit 
realtime mode (by pressing Ctrl-C). If there is not enough room on the screen for all available data, the 
information will truncate at the bottom of the screen. In order to maximize the amount of data displayed, 
increase the terminal length (using the terminal length command; refer to terminal length <number> on 
page 583). 
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Usage Examples 





The following example displays voice quality statistics for all active calls: 


>enable 
#show voice quality-stats active 


Start Lost Discard Delay 
ID Time From To Duration Codec Pkts_ Pkts Avg Max 
4236 3:02pm 5152222 5157744 6:55 G711 2 0 50 50 
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show voice ring-group 
Use the show voice ring-group command to display all ring groups. Variations of this command include: 


show voice ring-group 
show voice ring-group <number> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<number> Optional. Displays information about a specific ring group extension. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 


The following example displays all ring groups: 


>enable 

#show voice ring-group 

ring-group +1234 type: linear 
description: 

Number of calls allowed: 1 

First Last Ext Logged In 
Order NumRings Action 

1 2 None 

2 2 None 

3 2 None 

4 2 None 

5 2 None 
ring-group 2 type: linear 
description: 
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Number of calls allowed: 1 


First Last Ext 

Order NumRings Action 
1 2 None 
2 2 None 
3 2 None 


Logged In 
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show voice speed-dial 


Use the show voice speed-dial command to display system speed dial information. Variations of this 
command include: 


show voice speed-dial 
show voice speed-dial <number> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<number> Optional. Displays information about a specific speed dial number. Valid 
range is 1 to 99. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays information on speed dial number 50: 


>enable 
#show voice speed-dial 50 
speed-dial - ID: 50 
Name: Main Office 
Number: 4000 
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show voice spre 


Use the show voice spre command to display all special prefix (SPRE) codes. Variations of this command 
include: 


show voice spre local 
show voice spre network 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





local Displays all SPRE codes used locally. 
network Displays all SPRE codes passed through to the network. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays all local SPRE codes: 


>enable 
#show voice spre local 
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show voice status-group 


Use the show voice status-group command to display information on all voice status groups or on a 
specified group. Variations of this command include: 


show voice status-group 
show voice status-group <name> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<name> Optional. Displays all users within the specified status group. 


Default Values 





No default value necessary for this command. 


Command History 


Release 14.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays all voice status group extensions: 


>enable 
#show voice status-group 


Status-group: Sales Team 
Description: 
Type Member ID Display Name Status 


user 2001 Martha Idle 
user 3002 Dan Idle 
user 3003 Betty Idle 
user 3004 Chris Idle 
user 4001 Jami Idle 


Number of members: 5 
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show voice switchboard 


Use the show voice switchboard command to display all voice switchboard extensions. 


The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays all voice switchboard extensions: 


>enable 
#show voice switchboard 
Ext 
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show voice system-mode 


Use the show voice system-mode command to display the current system mode running on the unit. 
Specifying a day will display any transitions configured for that day. Variations of this command include: 


show voice system-mode 

show voice system-mode sunday 
show voice system-mode monday 
show voice system-mode tuesday 
show voice system-mode wednesday 
show voice system-mode thursday 
show voice system-mode friday 
show voice system-mode saturday 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 





Syntax Description 





[Sunday - saturday] Optional. Displays the specified system mode programmed in the unit. 
Choose from Sunday through Saturday. 


Default Values 





No default value is valid for this command. 


Command History 





Release A1 Command was introduced. 


Usage Examples 





The following example shows sample output from the show voice system-mode monday command: 


>enable 

#show voice system-mode monday 

Current system-mode: default 

System-mode transition - Day: monday 
Mode @ time: lunch @ 12:00 
Mode @ time: default @ 13:00 
Mode @ time: night @ 17:00 
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The following example shows sample output from the show voice system-mode command: 


>enable 
#show voice system-mode 
Current system-mode: weekend 
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show voice trunk 
Use the show voice trunk command to display all voice trunks. Variations of this command include: 


show voice trunk 
show voice trunk <trunk id> 
show voice trunk connects <trunk id> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 


connects Optional. Displays all trunk voice interface connections. 


<trunk id> Optional. Displays voice trunk information for a specific trunk ID. Use T01, 
T02, and so on for the trunk ID. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 


The following example displays all voice trunks: 


>enable 
#show voice trunk 
Busy Busy Busy Non Busy Busy Non Busy 
Trunk Resource Admin. Admin. Attempts Attempts Attempts Attempts 
Name Selection Config. Status Today Today Total Total 
T01 linear Not Busy Not Busy 0 0 0 7 
TO6 linear Not Busy NoConnects 0 0 0 0 
T02 linear Not Busy Not Busy 0 0 0 27 
T03 linear Not Busy NoConnects 0 0 0 0 
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The following example displays all voice interface connections: 


>enable 
#show voice switchboard 
Trunk Interface  Slot/Port | Tdm-group Timeslot 
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show voice users 
Use the show voice users command to display all voice user stations. Variations of this command include: 


show voice users 

show voice users did 

show voice users extension 
show voice users last 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





did Optional. Displays all users included in the directory. 
extension Optional. Displays directory entries sorted by extensions. 
last Optional. Displays directory entries sorted by last name. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 14.1 Command was expanded. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example displays all voice users: 


>enable 

#show voice users 

First Last Ext Interface Description 
Janet Smith 5200 virtual 

Bill Jones 6000 virtual 

Sam Sampson 6001 virtual 

Eve Smith 6002 virtual 

Bob Wilson 6003 virtual 
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show voice users sip 


Use the show voice users sip command to display a list of SIP users with their associated ports. 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 15.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show voice users sip command: 


>enable 
#show voice users sip 


First Last Extension Interface MAC Address _ IP Address 

Fronia Cobins 4430 Unregistered user - Unable to resolve port 
Gorge Owens 4440 Unregistered user - Unable to resolve port 
Heather Virginia 4450 Unregistered user - Unable to resolve port 


Total number of configured SIP voice users: 3 
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show vrrp 


Use the show vrrp command to display configuration and operating data for Virtual Router Redundancy 
Protocol (VRRP) configurations. Variations of this command include: 


show vrrp 

show vrrp brief 

show vrrp interface <interface> 

show vrrp interface <interface> group <number> 

show vrrp statistics 

show vrrp statistics interface <interface> 

show vrrp statistics interface <interface> group <number> 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘ore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





brief Optional. Limits the amount of data shown. 

group <number> Optional. Displays data or statistics for a specified VRRP group on the 
specified interface. Group numbers range from 1 to 255. 

interface <interface> Optional. Displays data or statistics for all VRRP groups or a specified 
group on the specified interface. Specify an interface in the format 
<interface type [slot/port | slot/port.subinterface id | interface id | interface 
id.subinterface id]>. For example, for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a virtual local area network (VLAN) interface, use vlan 1. 
Type show vrrp interface ? for a complete list of valid interfaces. 


statistics Optional. Displays statistics for all VRRP groups on all interfaces. 


Default Values 


No default values for this command. 


Command History 





Release 16.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Functional Notes 





Although VRRP group virtual router identifiers (VRIDs) can be numbered between 1 and 255, only two 
VRRP routers per interface are supported. 
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Usage Examples 





The following example gives sample output from the show vrrp statistics command: 


eth 0/1 
Group 1 
Became Master: 3 
Priority Zero Packets Sent: 1 
Priority Zero Packets Received: 0 
Advertisements Sent: 105134 
Advertisements Received: 241 
Advertisements Interval Errors: 0 
Advertisements TTL Errors: 0 
Advertisements Address List Errors: 0 
Advertisements Packet Length Errors: 0 
Group 2 
Became Master: 1 
Priority Zero Packets Sent: 0 
Priority Zero Packets Received: 0 
Advertisements Sent: 897 
Advertisements Received: 1628 
Advertisements Interval Errors: 0 
Advertisements TTL Errors: 0 
Advertisements Address List Errors: 0 
Advertisements Packet Length Errors: 0 
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sip check-sync 


Use the sip check-syne command to send a check-sync notification to all IP phones registered to the unit. 
When an IP phone receives this check-sync notification, the phone will check for possible configuration 
changes stored on the server. Variations of this command include the following: 


sip check-sync 
sip check-sync firmware-upgrade 
sip check-sync <user name or ip address> 


Syntax Description 





firmware-upgrade Specifies a check-sync to be used when upgrading phone firmware. 
<user name or ip address> Specifies the phone to contact with configuration changes. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example notifies all IP phones to check for a change in configuration: 


>enable 
#sip check-sync 
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telnet 


Use the telnet command to open a Telnet session (through AOS) to another system on the network. 
Variations of this command include the following: 


telnet </p address | hostname> 

telnet <ip address | hostname> port <tcp port> 

telnet vrf <name> <ip address | hostname> 

telnet vrf <name> <ip address | hostname> port <tcp port> 


Syntax Description 





<ijp address | hostname> Specifies the IP address or host name of the remote system. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 

port <tcp port> Optional. Specifies the TCP port number to be used when connecting to a 
host through Telnet. Range is 1 to 65,535. 

vrf <name> Optional. Specifies the VRF where the IP address or host name exists. 


Default Values 


No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 14.1 Command was expanded to specify port number. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example opens a Telnet session with a remote system (10.200.4.15): 


>enable 

#telnet 10.200.4.15 
User Access Login: 
Password: 
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The following example opens a Telnet session with a remote system (10.200.4.15) on port 8010: 


>enable 

#telnet 10.200.4.15 port 8010 
User Access Login: 

Password: 
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telnet stack-member <unit id> 


Use the telnet stack-member command to Telnet to a stack member. 


Syntax Description 





<unit id> Specifies unit ID of the stack member to connect via a Telnet session. 


Default Values 





No default value necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command is only available when in stack-master mode. 


Usage Examples 





The following example Telnets to a member of the stack: 


>enable 
#telnet stack-member 3 
Trying Stack Member 3...Press Ctrl+C to abort 
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telnet vrf <name> stack-member <number> 


Use the telnet vrf stack-member command to open a Telnet session (through AOS) with a member of the 
stack. 


Syntax Description 


vrf <name> Specifies the VRF where the stack-member exists. 
stack-member <number> Specifies which member of the stack to Telnet to. 


Default Values 





No default value necessary for this command. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example opens a Telnet session with stack-member 3 of the VRF red: 


>enable 
#telnet vrf red stack-member 3 
Trying Stack Member 3...Press Ctrl+C to abort 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 582 


Command Reference Guide Enable Mode Command Set 





terminal length <number> 
The terminal length command sets the number of rows (lines) for a terminal session. Use the no form of 


this command to return to the default value. This command is only valid for the current session and returns 
to the default (24 rows) when the session closes. 


Syntax Description 





<number> Specifies the number of rows for a terminal session. Range is 0 to 480 lines. 
Setting the terminal length to 0 disables paging. 


Default Values 





The default setting for this command is 24 rows. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example sets the number of rows for a terminal session to 30. 


>enable 
#terminal length 30 
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traceroute 


Use the traceroute command to display the IP routes a packet takes to reach the specified destination. 
Variations of this command include: 


traceroute 

traceroute <jip address | hostname> 

traceroute <jip address | hostname> source <ip address> 

traceroute vrf <name> <ip address | hostname> 

traceroute vrf <name> <ip address | hosthame> source <ip address> 


Syntax Description 


<ip address | hostname> Optional. Specifies the IP address or host name of the remote system’s 
route to trace. 
source <ip address> Optional. Specifies the IP address of the interface to use as the source of 


the trace. IP addresses should be expressed in dotted decimal notation (for 
example, 10.10.10.1). 


vrf <name> Optional. Specifies the VRF where the route exists. 


Default Values 





No default value necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following is a sample traceroute output: 


>enable 
#traceroute 192.168.0.1 


Type CTRL+C to abort. 

Tracing route to 192.168.0.1 over a maximum of 30 hops 
1 22ms 20ms 20ms_ 192.168.0.65 
2 23ms 20ms 20ms_~ 192.168.0.1 

# 
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twping 


Use the twping command to execute a Two-way Active Measurement Protocol (TWAMP) type ping to 
measure the packet loss, delay, and inter-packet delay variation (IPDV) and display the results of the test. 
Use the subcommands in any combination, in any order, when specifying the destination site. Variations of 
this command include: 


twping 
twping <address> 
twping <address> 
[count | data | dscp | interval | port | size | source | source-port | timeout | verbose] 





‘one Use the ? after each subcommand for a valid list of arguments and settings. 








The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘one excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





<adadress> Optional. Specifies the IP address or host name of the destination address. 
count <value> Optional. Specifies the number of twping. 
data Optional. Specifies data used to pad packets. 
dscp Optional. Specifies the Differentiated Services Code Point (DSCP) value. 
interval Optional. Specifies the interval between consecutive twpings. 
port Optional. Specifies the destination port. 
size Optional. Specifies the datagram size. 
source Optional. Specifies the source address. 
source-port Optional. Specifies the source port. 
timeout Optional. Specifies the timeout value. 
verbose Optional. Displays the two-way ping verbose results for the specified site. 


Default Values 





The defualt values are: port value is 0, the interval value is 20, the count is 100, the dscp is 0, the 
timeout is 2000 milliseconds, the size is 0, and the data is zero. 
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Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following executes a two-way ping: 


>enable 
#twping 
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undebug all 


Use the undebug all command to disable all activated debug messages. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following example disables all activated debug messages: 


>enable 
#undebug all 
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voice dsp capture 


Use the voice dsp capture command to initiate digital signal processor (DSP) captures. Use the no form of 
this command to return to the default. Variations of this command include: 


voice dsp capture start 

voice dsp capture start <va/ue> 
voice dsp capture stop 

voice dsp capture cancel 


Syntax Description 





<value> Specifies a DSP capture starting on a specific channel on DSP 0/1. The 
valid channel number range is 1 to 32. 

start Starts the CLI wizard that prompts the user for the necessary information to 
initiate a DSP capture. 

stop Stops the current DSP capture and downloads the captured files to FLASH. 

cancel Stops the current DSP capture and discards the captured files. 


Default Values 





By default, the DSP capture is disabled. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





The voice DSP captures are used to help diagnose voice issues. The channel numbers for this command 
correspond to those seen in the show and debug commands (for example, the first channel is 1, not 0). 


Output is received on all console sessions notifying you of a running DSP capture or download. Closing 
the CLI session on which the capture was started will cancel the current capture. This method of DSP 
capture is valid on AOS Release 15.1 or later, replacing the en8 int voip 0/1 method. 


Usage Examples 





The following example starts a DSP capture: 


#voice dsp capture start 

DSP Slot [0]: 0 

DSP Port [1]: 1 

DSP Channel [1]:1 

%Warning! Performance of this unit may be degraded during a DSP capture! 

Continue and start DSP Capture? [y/n] y 

DSP UTILITIES. Voice Capture A DSP capture is active on VoIP 0/1 on channel 1dsp capture 
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vian database 


Use the vlan database command to enter the VLAN Database Configuration mode. Refer to the section 


VLAN Database Configuration Command Set on page 1917 for more information. 


Syntax Description 


No subcommanas. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example enters the VLAN Configuration mode: 


>enable 
#vlan database 
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voice loopback-call 


Use the voice loopback-call command to initiate and terminate voice loopback calls. Variations of this 
command include: 


voice loopback-call start from <number> to <number> 
voice loopback-call stop account <number> 

voice loopback-call stop all 

voice loopback-call stop id <number> 


Syntax Description 





start from <number> Starts a loopback call from the specified extension number (loopback 
account). 
to <number> Specifies the extension number to call. 
stop Stops active loopback calls. 
account <number> Terminates the call(s) for the specific account. 
all Terminates all loopback calls. 
id <number> Terminates a specific loopback call based on the identity number of the call. 


Default Values 





By default, no loopback accounts are configured. 


Command History 





Release A1 Command was introduced. 


Usage Examples 





The following example starts a voice loopback call: 


>enable 
#voice loopback-call start from 5555 to 6100 
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wall <message> 


Use the wall command to send messages to all users currently logged into the AOS unit. 


Syntax Description 





<message> Sends a message to all users logged into the CLI. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example sends the message “Reboot in 5 minutes if no objections” to the CLI screen of 
everyone currently connected: 


>enable 
#wall Reboot in 5 minutes if no objections 
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write 


Use the write command to save the running configuration to the unit’s nonvolatile random access memory 
(NVRAM) or a Trivial File Transfer Protocol (TFTP) server. Also, use the write command to clear 
NVRAM or to display the running configuration on the terminal screen. Entering the write command with 
no other arguments copies your configuration changes to the unit’s NVRAM. Once the save is complete, 
the changes are retained even if the unit is shut down or suffers a power outage. Variations of this 
command include: 


write 

write dynvoice-config 
write erase 

write memory 

write network 

write terminal 


Syntax Description 


dynvoice-config Optional. Writes dynvoice configuration information to the units NVRAM. 
erase Optional. Erases the configuration files saved to the unit's NVRAM. 
memory Optional. Saves the current configuration to NVRAM. 

network Optional. Saves the current configuration to the network TFTP server. 
terminal Optional. Displays the current configuration on the terminal screen. 


Default Values 





No default value necessary for this command. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 


The following example saves the current configuration to the unit’s NVRAM: 


>enable 
#write memory 
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GLOBAL CONFIGURATION MODE COMMAND SET 





To activate the Global Configuration mode, enter the configuration command at the Enable mode prompt. 
For example: 


>enable 
#configure terminal 
(config)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


aaa accounting commands begin on page 597 

aaa authentication commands begin on page 605 

aaa authorization commands begin on page 612 

daa group server on page 616 

aaa local authentication attempts max-fail <number> on page 617 
aaa on on page 618 

aaa processes <value> on page 620 

aps on page 621 

auto-config on page 623 

banner on page 625 

boot config on page 626 

boot system on page 627 

boot voip on page 629 

bridge irb on page 630 

bridge <number> protocol ieee on page 632 

clock on page 633 

clock set <time> <day> <month> <year> on page 634 
clock timezone <value> on page 635 


cross-connect on page 638 
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crypto commands begin on page 641 

data-call on page 658 

dotllap access-point-controller on page 660 
enable password <password> on page 661 
event-history on on page 662 

event-history priority on page 663 

exception memory minimum <value> on page 665 
exception report on page 666 

jtp authentication <name> on page 667 

garp timer <value> on page 668 

gvrp on page 669 

hostname <name> on page 670 

interface range <interface type> <slot/port> - <slot/port> on page 671 
ip on page 672 

ip access-list commands begin on page 673 

ip as-path-list <name> on page 679 

ip classless on page 680 

ip community-list <name> on page 681 

ip crypto on page 682 

ip default-gateway <ip address> on page 683 

ip dhcp-server commands begin on page 684 

ip domain commands begin on page 690 

ip ffe max-entries <entries> on page 693 

ip ffe timeout on page 694 

ip firewall commands begin on page 696 

ip flow commands begin on page 716 

ip forward-protocol udp <value> on page 724 

ip ftp commands begin on page 726 

ip host on page 729 

ip http on page 730 

ip http source-interface <interface> on page 732 
ip igmp commands begin on page 733 

ip load-sharing on page 739 

ip local policy route-map <name> on page 740 
ip mcast-stub helper-address <ip address> on page 741 
ip multicast-routing on page 742 

ip name-server on page 743 

ip policy commands begin on page 744 

ip prefix-list commands begin on page 756 
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ip radius source-interface <interface> on page 759 
ip route on page 760 

ip routing on page 764 

ip rtp commands begin on page 765 

ip scp server on page 780 

ip sdp grammar hold on page 781 

ip sip commands begin on page 752 

ip snmp agent on page 821 

ip sntp commands begin on page 522 

ip subnet-zero on page 826 

ip tacacs source-interface <interface> on page 827 
ip tftp commands begin on page &28 

ip urlfilter commands begin on page 830 

ip vif <name> route-distinguisher <number> on page 837 
ip vrf forwarding <name> on page 838 

isdn-group <number> on page 839 
isdn-number-template on page &40 

line on page 843 

lldp on page 545 

logging commands begin on page 847 

mac access-list standard <name> on page 861 

mac address-table commands begin on page 862 
mail-client <agent name> on page 865 

modem countrycode <value> on page 866 

monitor session <number> on page S69 

ntp master on page 871 

ntp max-associations <value> on page &72 

ntp peer <name> on page 873 

ntp server <name> on page 874 

ntp source <interface> on page 875 

ntp update-rtc on page 876 

portal-list <name> <portall portal2 portal3...> on page 877 
port-auth commands begin on page 878 
port-channel load-balance on page 883 
power-supply shutdown automatic on page 884 
probe on page 885 

gos commands begin on page 887 

radius-server on page 894 


radius-server host on page 896 
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route-map on page 898 

router commands begin on page 899 

run tcl <filename> on page 904 

schedule <name> on page 905 

service password-encryption on page 907 

snmp-server commands begin on page 908 

sntp retry-timeout <value> on page 927 

sntp server version on page 928 

sntp wait-time <value> on page 929 

spanning-tree commands begin on page 930 

stack on page 939 

tacacs-server on page 941 

telnet on page 942 

thresholds on page 944 

timing-source on page 946 

track <name> on page 947 

username <username> password <password> on page 948 
username <username> portal-list <name> password <password> on page 949 
vlan <vlan id> on page 950 


voice commands begin on page 951 
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aaa accounting commands </evel> 


Use aaa accounting commands to set parameters for authentication, authorization, and accounting (AAA) 
accounting. For more detailed information on AAA functionality, refer to the Technology Review section 
of the aaa on command on page 618. Use the no form of this command to disable these features. 
Variations of this command include: 


aaa accounting commands </eve/> default none 

aaa accounting commands </eve/l> default none group tacacs+ 

aaa accounting commands </eve/> default none group <groupname> 

aaa accounting commands </evel> default stop-only group tacacs+ 

aaa accounting commands </evel/> default stop-only group <groupname> 
aaa accounting commands </evel> </listname> none 

aaa accounting commands </evel> </istname> none group tacacs+ 

aaa accounting commands </evel> </istname> none group <groupname> 

aaa accounting commands </evel> </istname> stop-only group tacacs+ 

aaa accounting commands </evel> </istname> stop-only group <groupname> 


Syntax Description 





<level> Specifies the commands enable level. Only level 1 (unprivileged) and 
level 15 (privileged) commands are supported. 

<listname> Specifies the name of the list. 

default Uses the default accounting list. 

none Disables accounting. 

stop-only Records stop-only activity when service terminates. 

group <groupname> Uses the specified group of remote servers for accounting. 

group tacacs+ Uses the TACACS+ server for accounting. 


Default Values 





By default, AAA accounting is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Use the tacacs-server command to specify TACACS+ servers before adding them to a group. This 
command enters a mode for adding individual servers to the named group. Refer to TACACS+ Group 
Configuration Command Set on page 2628 for more information. 


The default group cannot be changed, and includes all TACACS+ servers specified by the tacacs-server 
commands. 
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Usage Examples 





The following example creates a list called myList and sets accounting for level 1 commands at stop-only 
activities: 


(config)#aaa accounting commands 1 myList stop-only group tacacs+ 





To complete this command, Telnet must be applied to the lines. Refer to Line (Telnet) 
‘ore Interface Config Command Set on page 1034 for more detailed instructions. 
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aaa accounting connection 


Use the aaa accounting connection command to send accounting records for outbound Telnet 
connections. For more detailed information on AAA functionality, refer to the Technology Review section 
of the aaa on command on page 6/8. Use the no form of this command to disable these features. 
Variations of this command include: 


aaa accounting connection </istname> none 

aaa accounting connection </istname> start-stop group <name> 
aaa accounting connection </istname> start-stop group tacacs+ 
aaa accounting connection </istname> stop-only group <name> 
aaa accounting connection </istname> stop-only group tacacs+ 
aaa accounting connection default none 

aaa accounting connection default start-stop group <name> 
aaa accounting connection default start-stop group tacacs+ 
aaa accounting connection default stop-only group <name> 
aaa accounting connection default stop-only group tacacs+ 


Syntax Description 





default Uses the default accounting list. 

group <name> Specifies to use the named group remote server for accounting. Multiple 
groups can be specified. If the unit fails to make a connection with the first 
group, it will try the next group specified. 


group tacacs+ Specifies to use the TACACS+ server for accounting. 
<listname> Specifies the name of the accounting list. 

none Disables accounting. 

start-stop Records when service begins and terminates. 
stop-only Records stop-only activity when service terminates. 


Default Values 





By default, AAA accounting connection is disabled. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





Use the tacacs-server command to specify TACACS+ servers before adding them to a group. This 
command enters a mode for adding individual servers to the named group. Refer to TACACS+ Group 
Configuration Command Set on page 2628 for more information. 


The default group cannot be changed and includes all TACACS+ servers specified by the tacacs-server 
commands. 
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Usage Examples 





The following example creates a list called myList and sends the Telnet connection information to the 
TACACS+ server when the connection terminates: 


(config)#aaa accounting connection myList stop-only group tacacs+ 


The following example creates a list called myList and sends the Telnet connection information to the 
TACACS+ server when the connection is made and when the connection terminates: 


(config)#aaa accounting connection myList start-stop group tacacs+ 





To complete these commands, Telnet must be applied to the lines. Refer to Line (Telnet) 
‘ore Interface Config Command Set on page 1034 for more detailed instructions. 
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aaa accounting exec 


Use the aaa accounting exec command to send accounting records of all new connections/logins. For 
more detailed information on AAA functionality, refer to the Technology Review section of the aaa on 
command on page 618. Use the no form of this command to disable these features. Variations of this 
command include: 


aaa accounting exec </istname> none 

aaa accounting exec </istname> start-stop group <name> 
aaa accounting exec </istname> start-stop group tacacs+ 
aaa accounting exec </istname> stop-only group <name> 
aaa accounting exec </istname> stop-only group tacacs+ 
aaa accounting exec default none 

aaa accounting exec default start-stop group <name> 
aaa accounting exec default start-stop group tacacs+ 
aaa accounting exec default stop-only group <name> 
aaa accounting exec default stop-only group tacacs+ 


Syntax Description 





default Uses the default accounting list. 

group <name> Specifies to use the named group remote server for accounting. Multiple 
groups can be specified. If the unit fails to make a connection with the first 
group, it will try the next group specified. 


group tacacs+ Specifies to use the TACACS+ server for accounting. 
<listname> Specifies the name of the accounting list. 

none Disables accounting. 

start-stop Records when service begins and terminates. 
stop-only Records stop-only activity when service terminates. 


Default Values 





By default, AAA accounting exec is disabled. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





Use the tacacs-server command to specify TACACS+ servers before adding them to a group. This 
command enters a mode for adding individual servers to the named group. Refer to TACACS+ Group 
Configuration Command Set on page 2628 for more information. 


The default group cannot be changed, and includes all TACACS+ servers specified by the tacacs-server 
commands. 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 601 


Command Reference Guide Global Configuration Mode Command Set 





Usage Examples 





The following example creates a list called myList and sends the connection/login records to the 
TACACS+ server when the connection/login is terminated: 


(config)#aaa accounting exec myList stop-only group tacacs+ 





To complete this command, Telnet must be applied to the lines. Refer to Line (Telnet) 
‘ore Interface Config Command Set on page 1034 for more detailed instructions. 
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aaa accounting suppress null-username 


Use the aaa accounting suppress null-username command to stop sending accounting records for 
usernames set to null. For more detailed information on authentication, authorization, and accounting 
(AAA) functionality, refer to the Technology Review section of the aaa on command on page 618. Use the 
no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled and the accounting records for null usernames are sent to the server. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following command tells the unit not to send accounting records for users with null usernames: 


(config)#aaa accounting suppress null-username 
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aaa accounting update 


Use the aaa accounting update command to specify when accounting records are sent to the server. For 
more detailed information on authentication, authorization, and accounting (AAA) functionality, refer to 
the Technology Review section of the aaa on command on page 618. Use the no form of this command to 
return to the default settings. Variations of this command include: 


aaa accounting update newinfo 
aaa accounting update periodic <value> 


Syntax Description 





newinfo Sends all new accounting records immediately. 


periodic <value> Specifies the time interval (in minutes) between accounting updates sent to 
the server. Select from 1 to 2,147,483,647. 


Default Values 


By default, accounting records are sent every 5 minutes. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following command sets the unit to send accounting records every 600 minutes to the server: 


(config)#aaa accounting update periodic 600 
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aaa authentication 


Use the aaa authentication command to control various features of the AAA subsystem authentication 
process. For more detailed information on authentication, authorization, and accounting (AAA) 
functionality, refer to the Technology Review section of the aaa on command on page 618. Use the no 
form of this command to return to the default settings. Variations of this command include: 


aaa authentication banner <banner> 

aaa authentication fail-message <message> 

aaa authentication banner password-prompt <prompt> 
aaa authentication banner username-prompt <prompt> 


Syntax Description 





banner <banner> Sets the banner shown before user authentication is attempted. The banner 
can be multiple lines. Enter a delimiter (such as :) to begin recording the 
typed text message used for the banner. The message must end with the 
same delimiter to indicate that the message is complete. The text delimiters 
are not displayed to the screen during operation. 


fail-message <message> Sets the message shown if user authentication fails. The message can be 
multiple lines. Enter a delimiter (such as :) to begin recording the typed text 
message displayed after a failed authentication attempt. The message must 
end with the same delimiter to indicate that the message is complete. The 
text delimiters are not displayed to the screen during operation. 


password-prompt <prompi> Sets the prompt for the user's password. The prompt is a single line 
enclosed in quotation marks. 


username-prompt <prompt> Sets the prompt for the user's name. The prompt is a single line enclosed in 
quotation marks. 


Default Values 





banner User Access Verification 
fail-message Authentication Failed 
password-prompt Password: 
username-prompt Username: 


Command History 





Release 5.1 Command was introduced. 
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Usage Examples 





The following is a typical example of customizing the AAA authentication process: 


(config)#aaa authentication banner # 

Enter TEXT message. End with the character '#'. 

User login authentication:# 

(config)# 

(config)#aaa authentication fail-message # 

Enter TEXT message. End with the character '#'. 

Authentication denied.# 

(contig)# 

(config)#aaa authentication username-prompt “Enter Username:” 
(config)#aaa authentication password-prompt “Enter Password:” 
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aaa authentication enable default 


Use the aaa authentication enable default command to create (or change) the list of fallback methods 
used for privileged mode access authentication. For more detailed information on authentication, 
authorization, and accounting (AAA) functionality, refer to the Technology Review section of the aaa on 
command on page 618. Use the no form of this command to return to the default settings. Variations of 
this command include: 


aaa authentication enable default enable 

aaa authentication enable default group radius 

aaa authentication enable default group radius enable 
aaa authentication enable default group tacacs+ 

aaa authentication enable default group tacacs+ enable 
aaa authentication enable default group <name> 

aaa authentication enable default group <name> enable 
aaa authentication enable default line 

aaa authentication enable default line enable 

aaa authentication enable default none 

aaa authentication enable default none enable 


Syntax Description 





none Grants access automatically. 

line Uses the line password for authentication. 

enable Uses the Enable mode password for authentication. 

group <name> Uses the specified group of remote servers for authentication. 
group radius Uses all defined RADIUS servers for authentication. 

group tacacs+ Uses all defined TACACS+ servers for authentication. 


Default Values 





If no default methods list is configured, the unit uses the Enable password for authentication. If no 
password is configured, consoles are allowed access (this prevents a lock-out condition). 


Command History 





Release 5.1 Command was introduced. 
Release 11.1 The group tacacs+ command was added. 
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Functional Notes 





A user is authenticated by trying the list of methods from first to last until authentication succeeds or fails. If 
a method does not succeed or fail, the next method is tried. The group methods will fail if the servers in the 
remote group cannot be found. Refer to the command radius-server on page 894 or tacacs-server on page 
9417 for information on defining server groups. 





Access to the Enable command set is a password-only process. The local-user database 
‘ore cannot be used, and the user name given to any remote RADIUS server is $enab15$. The 
only list name allowed is default. 


Use the radius-server command to specify RADIUS servers before adding them to a group. Likewise, use 
the tacacs-server command to specify TACACS+ servers before adding them to a group. These 
commands enter a mode for adding individual servers to the named group. Refer to Radius Group 
Command Set on page 2597 or TACACS+ Group Configuration Command Set on page 2628 for more 
information. 


The default group cannot be changed and includes all RADIUS servers in the order they were specified by 
the radius-server commands. The same is true of TACACS+ servers specified by the tacacs-server 
commands. 


Usage Examples 





The following example specifies using the line password as the first method of authentication and using 
the Enable password as the second: 


(config)#aaa authentication enable default line enable 
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aaa authentication login 


Use the aaa authentication login command to create (or change) a named list with the ability to have a 


chain of fallback authentication methods for user authentication. For more detailed information on 


authentication, authorization, and accounting (AAA) functionality, refer to the Technology Review section 


of the aaa on command on page 6/8. Use the no form of this command to remove a configured login. 


Variations of this command include: 


aaa authentication login default enable 

aaa authentication login default group radius 

aaa authentication login default group radius enable 
aaa authentication login default group tacacs+ 

aaa authentication login default group tacacs+ enable 
aaa authentication login default group <name> 

aaa authentication login default group <name> enable 
aaa authentication login default line 

aaa authentication login default line enable 

aaa authentication login default local 

aaa authentication login default local enable 

aaa authentication login default none 

aaa authentication login default none enable 

aaa authentication login </istname> enable 

aaa authentication login </istname> group radius 

aaa authentication login </istname> group radius enable 
aaa authentication login </istname> group tacacs+ 

aaa authentication login </istname> group tacacs+ enable 
aaa authentication login </istname> group <name> 

aaa authentication login </istname> group <name> enable 
aaa authentication login </istname> line 

aaa authentication login </istname> line enable 

aaa authentication login </istname> local 

aaa authentication login </istname> local enable 

aaa authentication login </isthame> none 

aaa authentication login </istname> none enable 
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Syntax Description 





<listname> Specifies a named login list. 

default Uses the default list for authentication when no other list is assigned. 

none Grants access automatically. 

line Uses the line password (Telnet 0 through 4 or console 0 through 1) for 
authentication. 

enable Uses the Enable password for authentication. 

local Uses the local-user database for authentication. 

group <name> Uses the specified group of remote servers for authentication. 

group radius Uses all defined RADIUS servers for authentication. 

group tacacs+ Uses all defined TACACS+ servers for authentication. 


Default Values 





By default, the login list named default is the list used to authenticate users when no other list is assigned. 


Command History 





Release 5.1 Command was introduced. 
Release 11.1 The group tacacs+ command was added. 


Functional Notes 





A user is authenticated by trying the list of methods from first to last until authentication succeeds or fails. If 
a method does not succeed or fail, the next method is tried. The local-user database method fails if the 
user name does not appear in the database. The group methods fail if the servers in the remote group 
cannot be found. Refer to the command radius-server on page 894 or tacacs-server on page 941 for 
information on defining server groups. 


Usage Examples 





The following example creates a named list called myList and specifies using the local database as the 
first method, myGroup as the second method, and line password as the third method for login 
authentication: 


(config)#aaa authentication login myList local group myGroup line 


The following command sets the default authentication list for logins to use the local database as the first 
fallback method: 


(config)#aaa authentication login default local 
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aaa authentication port-auth default 


Use the aaa authentication port-auth default command to create a default list for port authentication. For 
more detailed information on authentication, authorization, and accounting (AAA) functionality, refer to 
the Technology Review section of the aaa on command on page 618. Use the no form of this command to 
remove a configured list. Variations of this command include: 


aaa authentication port-auth default group radius 

aaa authentication port-auth default group radius group 
aaa authentication port-auth default group <name> 

aaa authentication port-auth default group <name> group 
aaa authentication port-auth default local 

aaa authentication port-auth default local group 

aaa authentication port-auth default none 

aaa authentication port-auth default none group 


Syntax Description 


none Grants access automatically. 

local Specifies using the local user database for authentication. 
group <name> Specifies a group of remote servers to use for authentication. 
group radius Specifies using all defined RADIUS servers for authentication. 


Default Values 





By default, the login list named default is used to authenticate users when no other list is assigned. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example specifies that the local user database be used for port authentication: 


(config)#aaa authentication port-auth default local 
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aaa authorization 


Use the aaa authorization to enable or disable authorization for configuration mode commands and for 
console mode. For more detailed information on authentication, authorization, and accounting (AAA) 
functionality, refer to the Technology Review section of the aaa on command on page 618. Use the no 
form of this command to return to the default setting. Variations of this command include: 


aaa authorization config-command 
aaa authorization console 


Syntax Description 





config-command Enables authorization for configuration mode commands. Only level 1 
(unprivileged) and level 15 (privileged) commands are supported. 


console Allows authorization to be applied to the console. 


Default Values 


By default, authorization for console is disabled. However, configuration mode commands are authorized 
by default. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example enables authorization of configuration mode commands: 


(config)#aaa authorization config-command 


The following example enables authorization of console commands: 


(config)#aaa authorization console 
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aaa authorization commands </evel> 


Use aaa authorization commands to create (or change) a list of methods for user authorization. For more 
detailed information on authentication, authorization, and accounting (AAA) functionality, refer to the 
Technology Review section of the aaa on command on page 618. Use the no form of this command to 
remove a configured list of authorization commands. Variations of this command include: 


aaa authorization commands </eve/> default group tacacs+ 

aaa authorization commands </eve/l> default group <name> 

aaa authorization commands </evel> default if-authenticated 
aaa authorization commands </eve/l> default none 

aaa authorization commands </evel> </isthame> group tacacs+ 
aaa authorization commands </evel> </listnhame> group <name> 
aaa authorization commands </evel> </istname> if-authenticated 
aaa authorization commands </evel> </istnhame> none 


Syntax Description 


<level> Specifies the command’s enable level. Only level 1 (unprivileged) and level 
15 (privileged) commands are supported. 

<listname> Specifies the name of the authorization list. 

default Specifies the default authorization list and applies it implicitly across all 
lines. 

none Grants access automatically. 

if-authenticated Succeeds if user has authenticated. 

group <name> Uses the specified group of remote servers for authorization. 

group tacacs+ Uses all defined TACACS+ servers for authorization. 


Default Values 


By default, the authorization list named default is the default list used to authorize commands when no 
other list is assigned. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following command creates a list called myList to authorize unprivileged commands (which succeeds 
only if the user has been authenticated successfully): 


(config)#aaa authorization commands 1 myList if-authenticated 


The following command uses the default list to authorize privileged (level 15) commands against the 
defined TACACS+ servers: 


(config)#aaa authorization commands 15 default group tacacs+ 
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aaa authorization exec 


Use the aaa authorization exec command to set authorization lists for exec shell. This allows a user to 


enter directly into Enable mode for new CLI sessions when authorized. For more detailed information on 
authentication, authorization, and accounting (AAA) functionality, refer to the Technology Review section 


of the aaa on command on page 618. Use the no form of this command to remove a configured list of 


authorization commands. Variations of this command include: 


aaa authorization exec </istname> none 

aaa authorization exec </istname> group <name> 

aaa authorization exec </istname> group tacacs+ 

aaa authorization exec </istname> if-authenticated 

aaa authorization exec </istname> if-authenticated group <name> 
aaa authorization exec </istname> if-authenticated group tacacs+ 
aaa authorization exec default none 

aaa authorization exec default group <name> 

aaa authorization exec default group tacacs+ 

aaa authorization exec default if-authenticated 

aaa authorization exec default if-authenticated group <name> 
aaa authorization exec default if-authenticated group tacacs+ 


Syntax Description 





default Specifies the default authorization list and applies it implicitly across all 
lines. 
group <name> Specifies to use the named group remote server or the TACACS+ server for 


authorization. Multiple groups can be specified. If the unit fails to make a 


connection with the first group, it will try the next group specified. However, 
if a connection is made to the first group and authorization fails, the unit will 


not attempt authorization with any other groups in the list. 


group tacacs+ Specifies to use the TACACS+ server for authorization. 
if-authenticated Succeeds if user has authenticated. 

<listname> Specifies the name of the authorization list. 

none Grants access automatically. 


Default Values 


By default, the authorization exec is disabled. 


Command History 





Release 13.1 Command was introduced. 
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Usage Examples 





The following command creates a list called myList to authorize exec shell (which succeeds only if the 
user has been authenticated successfully): 


(config)#aaa authorization exec myList if-authenticated 


The following command specifies to use the default list to authorize an exec shell with the TACACS+ 
server: 


(config)#aaa authorization exec default group tacacs+ 
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aaa group server 


Use the aaa group server command to group predefined RADIUS and TACACS+ servers into named 
lists. For more detailed information on authentication, authorization, and accounting (AAA) functionality, 
refer to the Technology Review section of the aaa on command on page 6/8. Use the no form of this 
command to remove a configured server group. Variations of this command include: 


aaa group server radius <name> 
aaa group server tacacs+ <name> 


Syntax Description 





radius Groups defined RADIUS servers. 
tacacs+ Groups defined TACACS+ servers. 
<name> Specifies the name of the server list. 


Default Values 





No default value necessary for this command. 


Command History 


Release 5.1 Command was introduced. 
Release 11.1 Command was expanded to include TACACS+ server support. 


Functional Notes 


Use the radius-server command to specify RADIUS servers before adding them to a group. Likewise, use 
the tacacs-server command to specify TACACS+ servers before adding them to a group. These 
commands enter a mode for adding individual servers to the named group. Refer to Radius Group 
Command Set on page 2597 or TACACS+ Group Configuration Command Set on page 2628 for more 
information. 


The default group cannot be changed, and includes all RADIUS servers in the order they were specified by 
the radius-server commands. The same is true of TACACS+ servers specified by the tacacs-server 
commands. 


Usage Examples 





The following example creates the named list myServers and enters the RADIUS group: 
(config)#aaa group server radius myServers 

(config-sg-radius)# 

The following example creates the named list myServers and enters the TACACS+ group: 


(config)#aaa group server tacacs myServers 
(config-sg-tacacs+)# 
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aaa local authentication attempts max-fail <number> 


Use the aaa local authentication attempts max-fail command to set the maximum number of login 
attempts allowed before closing the session. For more detailed information on authentication, 
authorization, and accounting (AAA) functionality, refer to the Technology Review section of the aaa on 
command on page 618. Use the no form of this command to return to the default settings. 


Syntax Description 





<number> Specifies the maximum number of login attempts allowed before closing the 
session. 


Default Values 





By default, no maximum number of failed authorization attempts is defined. This results in the session 
closing after only one unsuccessful authentication attempt. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example configures the device to allow a maximum of 10 failed authentication attempts: 


(config)#aaa local authentication attempts max-fail 10 
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aaa on 


Use the aaa on command to activate the authentication, authorization, and accounting (AAA) subsystem. 
Use the no form of this command to deactivate AAA. 


Syntax Description 


No subcommanads. 


Default Values 





By default, AAA is not activated. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





By default, the AAA subsystem is disabled and authentication follows the line technique (local, line, etc.). 
Once activated, the AAA lists override the methods specified in the line command. 


Usage Examples 





The following example activates the AAA subsystem: 


(config)#aaa on 


Technology Review 





AAA stands for authentication, authorization, and accounting. The AOS AAA subsystem currently supports 
only authentication. Authentication is the means by which a user is granted access to the device (router). 
For instance, a user name/password is authenticated before the user can use the CLI. VPN clients can 
also verify user name/password before getting access through the device. 


There are several methods that can be used to authenticate a user: 


none Grants instant access. 

line Uses the line password (Telnet 0 through 4 or console 0 through 1). 
enable Uses the Enable password. 

local Uses the local-user database. 

group <name> Uses the specified group of remote servers for authentication. 
group radius Uses all defined RADIUS servers for authentication. 

group tacacs+ Uses all defined TACACS+ servers for authentication. 


The AAA system allows users to create a named list of authentication methods to attempt in sequential 
order (if one fails, it falls to the next one on the list). This named list is then attached to a portal (Telnet 0 
through 4 or console 0 through 1). When a user Telnets in or accesses the terminal, the AAA system uses 
the methods from the named list to authenticate the user. 
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By default, the AAA system is disabled. It must be turned on to be active. Use the aaa on command to 
activate the AAA system. 


If a portal is not explicitly assigned a named list, the name default is automatically assigned to it. Users 
can customize the default list just like any other list. If no default list is configured, the following default 
behavior applies (defaults are based on portal): 


« Instant access (none) is assigned to the console using the default list (when the list has not been 
configured). 

« The local-user database (local) is used for Telnet sessions using the default list (when the list has not 
been configured). 

* No FTP access is granted using the default list (when the list has not been configured). 


Methods fail (and, therefore, cause the system to proceed to the next configured method) under the 
following circumstances: 


¢ — line and enable fail if there are no line or Enable passwords configured. 
* local fails if the given user does not appear in the local-user database. 
* group fails if the given server(s) cannot be contacted on the network. 


Example 


For a default list defined with the order [line, enable, local, group mygroup], the following statements 
are true: 


« — If there is no line password, the list falls through to the Enable password. 

« If there is no Enable password, the AAA system prompts the user for a user name and password for the 
local-user database. 

« — If the given user is not in the local-user database, the user name and password are handed to the 
remote servers defined in mygroup. 

¢ A failure at any point (password not matching) denies access. 


If the AAA authentication process fails the list completely, system behavior is based on portal: 


* Console access is granted if the process fails completely (this prevents a lock-out condition). 
« Telnet and FTP are denied access. 
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aaa processes <value> 


Use the aaa processes command to set the number of threads available to the authentication, authorization, 
and accounting (AAA) subsystem. For more detailed information on AAA functionality, refer to the 
Technology Review section of the aaa on command on page 618. Use the no form of this command to 
return to the default setting. 


Syntax Description 





<value> Specifies the number of threads available to the AAA subsystem. Range is 
1 to 64 threads. 


Default Values 





By default, the number of threads is set to 1. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 


Increasing the number of threads may speed up simultaneous authentication at the cost of system 
resources (e€.g., memory). 


Usage Examples 





The following example specifies five available threads for the AAA subsystem: 


(config)#aaa processes 5 
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aps 


Use the aps command to specify the configuration of the access points (APS) client. Use the no form of 
this command to return to the default setting. Variations of this command include: 


aps 
aps [http | https] 

aps key <value> 

aps recontact-intervals <value> 
aps server <value> 

aps server-url <va/ue> 


Syntax Description 





[http | https] Specifies that the APS client use the HTTP or HTTPS post method. The 
default is HTTPS. 
key <value> Specifies the APS key value to be used by the APS server to segregate 


devices into management groups. 


recontact-intervals <va/ue> Specifies the interval between contacting the APS server. The range is 30 to 
10000 seconds. The default is 30 seconds. 


server <value> Specifies the APS server host name or IP address. 


server-url <va/ue> Specifies the APS server URL. This value is updated by the device when 
the APS server and key are set. The value is not typically set by the user. 


Default Values 
By default, the APS is disabled. 





Command History 





Release A1 Command was introduced in the AOS voice products. 


Usage Examples 
The following example specifies the basic APS client configuration: 
(config)#aps 


(config)#aps server 10.10.10.10 
(config)#aps key main 
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arp <ip address> <mac address> arpa 


Use the arp command to enter static entries into the Address Resolution Protocol (ARP) table for a 
specific VRF instance. Use the no form of this command to remove a static ARP entry. Variations of this 
command include: 


arp <ip address> <mac address> arpa 
arp <ip address> <mac address> vrf <vrf name> arpa 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in following format xx:xx:Xx:Xx:xx:xx (for example, 00:A0:C8:00:00:01). 


vrf <name> Optional. Specifies the VRF where the ARP table exists. 


Default Values 





No default is necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example enters the IP address and MAC address into the ARP table that is located in the 
default VRF: 


(config)#arp 10.10.10.1 00:A0:C8:00:00:01 arpa 
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auto-config 


Use the auto-config command to enable the automatic self-configuration feature in AOS. For more 
detailed information, refer to the Auto-Config Configuration Guide on the AOS Documentation CD. Use 
the no form of this command to halt the auto-config process. Variations of this command include: 


auto-config 

auto-config filename <name> 

auto-config restart 

auto-config retry-count <number> 

auto-config server [<hostname> | <ip address>] 


Syntax Description 





filename <name> Optional. Specifies the configuration file name to download. 

restart Optional. Restarts auto-config parameters. 

retry-count <number> Optional. Specifies the maximum number of retries. Range is 
0 to 1000. 


server [<hostname> | <ip address>] Optional. Specifies the IP address or host name of TFTP server 
from which to download. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 


Default Values 





By default, auto-config is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables auto-config: 


(config)#auto-config 





‘one Disabling and re-enabling auto-config restarts the download process. 





The following command specifies the name of the file to download: 


(config)#auto-config filename myConfig 
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The following command restarts the auto-config process: 


(config)#auto-config restart 


The following command sets the number of retries when downloading a configuration file to 100: 
(config)#auto-config retry-count 100 

The following command specifies the TFTP server IP address from which to download the configuration 
file: 

(config)#auto-config server 192.33.5.99 

The following command specifies the TFTP server host name from which to download the configuration 
file: 


(config)#auto-config server myHost 
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banner 


Use the banner command to specify messages to be displayed in certain situations. Use the no form of this 
command to delete a previously configured banner. Variations of this command include: 


banner exec <delimiter> <message> <delimiter> 
banner login <delimiter> <message> <delimiter> 
banner motd <delimiter> <message> <delimiter> 


Syntax Description 





exec Creates a message to be displayed when any executive-level process takes 
place. 

login Creates a message to be displayed before the user name and password 
login prompts. 

motd Creates a message-of-the-day (MOTD) banner. 

<delimiter> Specifies the banner text delimiter. Press Enter after the delimiter character 


to begin input of banner text. After typing the banner message, enter the 
same delimiter character to end the message. 


<message> Specifies the text message you wish to display. 


Default Values 





By default, no banners are configured. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





Banners appear in the following order (if configured): 


* MOTD banner appears at initial connection. 
¢ Login banner follows the MOTD banner. 
« Exec banner appears after successful login. 


Usage Examples 


The following example configures the system to display a message of the day: 


(config)#banner motd *The system will be shut down today from 7PM to 11PM* 
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boot config 


Use the boot config command to modify system boot parameters by specifying the location and name of 
primary and secondary configuration files. Variations of this command include: 


boot config cflash <primary filename> 

boot config cflash <primary filename> cflash <secondary filename> 
boot config cflash <primary filename> flash <secondary filename> 
boot config flash <primary filename> 

boot config flash <primary filename> cflash <secondary filename> 
boot config flash <primary filename> flash <secondary filename> 





‘ore The cflash option is only valid for units with CompactFlash® capabilities. 





Syntax Description 





cflash Specifies that the configuration file is located in CompactFlash memory. 

flash Specifies that the configuration file is located in flash memory. 

<primary filename> Specifies the name of the primary configuration file (file names are case 
sensitive). 

<secondary filename> Optional. Specifies the name of the backup configuration file. 


Default Values 





No default is necessary for this command. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example specifies the file myconfig (located in flash memory) as the primary system boot 
file: 


(config)#boot config flash myconfig 


The following example specifies the file myconfig (located in flash memory) as the primary system boot 
file and the file mybackupconfig (located in CompactFlash memory) as the backup configuration file: 


(config)#boot config flash myconfig cflash mybackupconfig 
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boot system 


Use the boot system command to specify the system image loaded at startup. Variations of this command 
include: 


boot system cflash <primary filename> 

boot system cflash <primary filename> verify 

boot system flash <primary filename> <secondary filename> 

boot system flash <primary filename> <secondary filename> verify 

boot system cflash <primary filename> cflash <secondary filename> 
boot system cflash <primary filename> cflash <secondary filename> verify 
boot system cflash <primary filename> flash <secondary filename> 

boot system cflash <primary filename> flash <secondary filename> verify 
boot system cflash <primary filename> no-backup 

boot system cflash <primary filename> no-backup verify 

boot system flash <primary filename> cflash <secondary filename> 

boot system flash <primary filename> cflash <secondary filename> verify 
boot system flash <primary filename> flash <secondary filename> 

boot system flash <primary filename> flash <secondary filename> verify 
boot system flash <primary filename> no-backup 

boot system flash <primary filename> no-backup verify 





‘ore The cflash option is only valid for units with CompactFlash® capabilities. 








For units without CompactFlash capabilities, the secondary media type does not need to 
be specified. Refer to the last example under Usage Examples. 








Syntax Description 





cflash Specifies the system image is located in CompactFlash memory. 

flash Specifies the system image is located in flash memory. 

no-backup Specifies that there is no backup image present. 

<primary filename> Specifies the file name of the image (file names are case sensitive). Image 
files should have a .biz extension. 

<secondary filename> Specifies a name for the backup image. 

verify Optional. Verifies the image checksum. 


Default Values 





No default value necessary for this command. 
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Command History 





Release 1.1 Command was introduced. 
Release 12.1 Command was expanded to include CompactFlash. 


Functional Notes 





Detailed instructions for upgrading AOS and loading files into flash memory are found on the AOS 
Documentation CD. 


Usage Examples 





The following example specifies myimage.biz (located in CompactFlash memory) as the primary image 
file with no backup image: 


(config)#boot system cflash myimage.biz no-backup 

The following example specifies myimage.biz (located in flash memory) as the primary image file with no 
backup image: 

(config)#boot system flash myimage.biz no-backup 

The following example specifies myimage.biz (located in flash memory) as the primary image file and 
myimage_backup.biz (also located in flash memory) as the backup image: 


(config)#boot system flash myimage.biz myimage_backup.biz 
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boot voip 


Use the boot voip command to specify the VoIP image file loaded at startup. Variations of this command 
include: 


boot voip default 
boot voip flash <filename> 


Syntax Description 





default Uses default VoIP image. 


flash <filename> Specifies the file name (located in flash memory) of the image (file names 
are case sensitive). Image files should have a .biz extension. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 





Detailed instructions for upgrading AOS and loading files into flash memory are found on the AOS 
Documentation CD. 


Usage Examples 





The following example specifies the file myimage.biz, stored in flash memory, as the VoIP startup image: 


(config)#boot voip flash myimage.biz 
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bridge irb 


Use the bridge irb command to enable integrated routing and bridging (IRB) and also allow the creation of 
bridged virtual interfaces (BVIs). Use the no form of this command to disable the IRB. 


Syntax Description 


No subcommanas. 


Default Values 
By default, IRB is disabled. 





Command History 





Release 15.1 Command was introduced. 


Functional Notes 





The bridge irb must be enabled to create BVIs. 


Once the command bridge irb is entered, the IP addresses for any interfaces connected to any bridge will 
be removed. Also, the command ip address xXx.xx.XxX.XX.XX.XX.XX.XX Will no longer be available on an 
interface that is connected to the bridge. 


The BVI must be removed before using the no bridge irb command. 


For more information on BVI configuration, refer to the BV/ Interface Config Command Set on page 1398. 


Usage Examples 





The following example enables IRB: 


(config)#bridge irb 


Technology Review 





The IRB allows the routing of specified protocols between network interfaces and bridge groups. The 
difference between IRB and concurrent routing and bridging (CRB) is that in IRB it is possible to route IP 
between routed interfaces and BVIs, but with CRB the routed interfaces cannot communicate with bridged 
interfaces. IRB’s primary goal is to bridge all protocols and route any IP traffic destined for the MAC 
address of the BVI. 


The IRB handles IP packets in the following manner: When an IP packet comes into the router and it is not 
destined for the MAC address, it is bridged. If the IP packet is destined for the MAC address, it is sent to 
the routing engine and routed as normal. The IRB allows for PCs in the bridge to get to routed networks 
and routed networks to get to the bridge. The bridge group will isolate broadcasts from other routed 
interfaces. 


A BVI can only be created when IRB is enabled and a bridge group has been defined. The BVI number 
corresponds directly to the bridge group. 
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When IRB is enabled and a BVI is configured, IP network configuration is removed for all bridged 
interfaces. IP traffic destined for the BVI address is delivered to the local IP stack for routing (if routing is 
enabled) or management. If no BVI is configured, the behavior is the same as if IRB is not enabled. 


When IRB is not enabled, a BVI cannot be created. Bridged interfaces retain their IP configuration, and IP 
traffic destined for those interfaces is delivered to the local IP stack. 
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bridge <number> protocol ieee 


The bridge protocol ieee command configures a bridge group for the IEEE 802.1 Ethernet spanning-tree 
protocol. Use the no form of this command (with the appropriate arguments) to delete this setting. 


Syntax Description 


<number> Specifies a bridge group number. Range is 1 to 255. 


Default Values 





By default, all configured bridge interfaces implement IEEE spanning-tree protocol. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example deletes the bridge protocol setting for bridge group 17: 


(config)#no bridge 17 protocol ieee 
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clock 


The clock auto-correct-DST command allows the unit to automatically correct for Daylight Saving Time 
(DST). Use the clock no-auto-correct-DST command to disable this feature. Variations of this command 
include: 


clock auto-correct-DST 
clock no-auto-correct-DST 


Syntax Description 





auto-correct-DST Configures the unit to automatically correct for DST. 
no-auto-correct-DST Disables DST correction. 


Default Values 





By default, DST correction takes place automatically. 


Command History 





Release 6.1 Command was introduced. 
Release 11.1 Command was added to the Global command set. 


Functional Notes 





Depending on the clock timezone chosen (refer to clock timezone <value> on page 635 for more 
information), one-hour DST correction may be enabled automatically. You may override this default using 
this command. 

Usage Examples 


The following example allows for automatic DST correction: 


(config)#clock auto-correct-dst 


The following example overrides the one-hour offset for DST: 


(config)#clock no-auto-correct-dst 
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clock set <time> <day> <month> <year> 


Use the clock set command to configure the system software clock. For the command to be valid, all fields 
must be entered. Refer to the Usage Examples below for an example. 


Syntax Description 


<time> Sets the time (in 24-hour format) of the system software clock in the format 
HH:MM:SS (hours:minutes:seconds). 

<day> Sets the current day of the month. Valid range is 1 to 31. 

<month> Sets the current month. Valid range is January to December. You need only 
enter enough characters to make the entry unique. This entry is not case 
sensitive. 

<year> Sets the current year. Valid range is 2000 to 2100. 


Default Values 





No default value necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 11.1 Command was added to the Global command set. 


Usage Examples 





The following example sets the system software clock for 3:42 pm, August 22 2004: 


(config)#clock set 15:42:00 22 Au 2004 
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clock timezone <value> 


The clock timezone command sets the unit’s internal clock to the time zone of your choice. This setting is 
based on the difference in time (in hours) between Greenwich Mean Time (GMT) or Central Standard 
Time (CST) and the time zone for which you are setting up the unit. Use the no form of this command to 
disable this feature. 


Syntax Description 





<value> Time zone values are specified in the Functional Notes section for this 
command. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 





oe Depending on the clock timezone chosen, one-hour Daylight Savings Time (DST) 


correction may be enabled automatically. Refer to clock on page 633 for more information. 
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Functional Notes 





The following list shows sample cities and their timezone codes. 


clock timezone +1-Amsterdam 
clock timezone +1-Belgrade 
clock timezone +1-Brussels 
clock timezone +1-Sarajevo 
clock timezone +1-West-Africa 
clock timezone +10-Brisbane 
clock timezone +10-Canberra 
clock timezone +10-Guam 
clock timezone +10-Hobart 
clock timezone +10-Vladivostok 
clock timezone +11 

clock timezone +12-Auckland 
clock timezone +12-Fiji 

clock timezone +13 

clock timezone +2-Athens 
clock timezone +2-Bucharest 
clock timezone +2-Cairo 

clock timezone +2-Harare 
clock timezone +2-Helsinki 
clock timezone +2-Jerusalem 
clock timezone +3-Baghdad 
clock timezone +3-Kuwait 
clock timezone +3-Moscow 
clock timezone +3-Nairobi 
clock timezone +3:30 

clock timezone +4-Abu-Dhabi 
clock timezone +4-Baku 

clock timezone +4:30 

clock timezone +5-Ekaterinburg 
clock timezone +5-Ilslamabad 
clock timezone +5:30 

clock timezone +5:45 

clock timezone +6-Almaty 
clock timezone +6-Astana 
clock timezone +6-Sri-Jay 
clock timezone +6:30 

clock timezone +7-Bangkok 
clock timezone +7-Kranoyarsk 


clock timezone +8-Bejing 

clock timezone +8-Irkutsk 

clock timezone +8-Kuala-Lumpur 

clock timezone +8-Perth 

clock timezone +8- Taipei 

clock timezone +9-Osaka 

clock timezone +9-Seoul 

clock timezone +9-Yakutsk 

clock timezone +9:30-Adelaide 

clock timezone +9:30-Darwin 

clock timezone -1-Azores 

clock timezone -1-Cape-Verde 

clock timezone -10 

clock timezone -11 

clock timezone -12 

clock timezone -2 

clock timezone -3-Brasilia 

clock timezone -3-Buenos-Aires 

clock timezone -3-Greenland 

clock timezone -3:30 

clock timezone -4-Atlantic-Time 

clock timezone -4-Caracus 

clock timezone -4-Santiago 

clock timezone -5 

clock timezone -5-Bogota 

clock timezone -5-Eastern-Time 

clock timezone -6-Central-America 

clock timezone -6-Central-Time 

clock timezone -6-Mexico-City 

clock timezone -6-Saskatchewan 

clock timezone -7-Arizona 

clock timezone -7-Mountain-Time 

clock timezone -8 

clock timezone -9 

clock timezone -0-Universal Coordinated Time 
(UTC) 

clock timezone GMT-Casablanca 

clock timezone GMT-Dublin 
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Usage Examples 





The following example sets the timezone for Santiago, Chile. 


>enable 
(config)#clock timezone -4-Santiago 
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cross-connect 


Use the cross-connect command to create a cross-connect map from a created TDM group on an interface 
to a virtual interface. Variations of this command include: 


cross-connect <number> <from interface> <to interface> 
cross-connect <number> <from interface> <group number> <to interface> 





Changing cross-connect settings could potentially result in service interruption. 
UT ging 8 P y p 





Syntax Description 





<number> Identifies the cross-connect using a number descriptor or label (useful in 
systems that allow multiple cross-connects). 


<from interface> Specifies the interface (physical or virtual) on one end of the cross-connect. 
Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; and for an ATM subinterface, use 
atm 1.1. Enter cross-connect 1 ? for a list of valid interfaces. 


<group number> Optional. Specifies which configured TDM group to use for this 
cross-connect. This subcommand only applies to T1 physical interfaces. 


<to interface> Specifies the virtual interface on the other end of the cross-connect. Specify 
an interface in the format <interface type [slot/port | slot/port.subinterface id 
| interface id | interface id.subinterface id]>. For example, for a T1 interface, 
use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a PPP interface, 
use ppp 1; and for an ATM subinterface, use atm 1.1. Use the ? to display 
a list of valid interfaces. 


Default Values 





By default, there are no configured cross-connects. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the E1 interface. 


Functional Notes 





Cross-connects provide the mechanism for connecting a configured virtual (Layer 2) endpoint with a 
physical (Layer 1) interface. Supported Layer 2 protocols include Frame Relay and Point-to-Point Protocol 
(PPP). 
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Usage Examples 





The following example creates a Frame Relay endpoint and connects it to the T1 1/1 physical interface: 


1. Create the Frame Relay virtual endpoint and set the signaling method: 
(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-type cisco 


2. Create the subinterface and configure the PVC parameters (including DLCI and IP address): 
(config-fr 1)#interface fr 1.1 
(config-fr 1.1)#frame-relay interface-dlci 17 
(config-fr 1.1)#ip address 168.125.33.252 255.255.255.252 


3. Create the TDM group of 12 DSOs (64K) on the T1 physical interface: 
(THIS STEP IS ONLY VALID FOR T1 INTERFACES.) 
(config)#interface t1 1/1 
(config-t1 1/1)#tdm-group 1 timeslots 1-12 speed 64 
(config-t1 1/1)#exit 


4. Connect the Frame Relay subinterface with port T1 1/1: 
(config)#cross-connect 1 t1 1/1 1 fr 1 


Technology Review 
Creating an endpoint that uses a Layer 2 protocol (Such as Frame Relay) is generally a four-step process: 


Step 1: 

Create the Frame Relay virtual endpoint (using the interface frame-relay commana) and set the signaling 
method (using the frame-relay Imi-type command). Also, included in the Frame Relay virtual endpoint are 
all the applicable Frame Relay timers logging thresholds, encapsulation types, etc. Generally, most Frame 
Relay virtual interface parameters should be left at their default state. For example, the following creates a 
Frame Relay interface labeled 7 and sets the signaling method to ansi. 


(config)#interface frame-relay 7 
(config-fr 7)#frame-relay Imi-type ansi 


Step 2: 

Create the subinterface and configure the PVC parameters. Using the subinterface, apply access policies 
to the interface, create bridging interfaces, configure dial-backup, assign an IP address, and set the PVC 
data-link control identifier (DLCI). For example, the following creates a Frame Relay subinterface labeled 
22, sets the DLCI to 30, and assigns an IP address of 193.44.69.253 to the interface. 


(config-fr 7)#interface fr 7.22 
(config-fr 7.22)#frame-relay interface-dlci 30 
(config-fr 7.22)#ip address 193.44.69.253 255.255.255.252 
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Step 3: (VALID ONLY FOR T1 INTERFACES) 

Specify the group of DSOs used for signaling on the T1 interface by creating a TDM group. Group any 
number of contiguous DSOs together to create a data pipe for Layer 2 signaling. Also, use the tdm-group 
command to specify the per-DSO signaling rate on the interface. For example, the following creates a TDM 
group labeled 9 containing 20 DSOs (each DSO having a data rate of 56 kbps). 


(config)#interface t1 1/1 
(config-t1 1/1)#tdm-group 9 timeslots 1-20 speed 56 
(config-t1 1/1)#exit 


Step 4: 

Make the association between the Layer 2 endpoint and the physical interface using the cross-connect 
command. Supported Layer 2 protocols include Frame Relay and Point-to-Point Protocol (PPP). For 
example, the following creates a cross-connect (labeled 5) to make an association between the Frame 
Relay virtual interface (fr 7) and the TDM group configured on interface t1 1/1 (tdm-group 9). 


(config)#cross-connect 5 t1 1/1 9 fr 7 
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crypto ca authenticate <name> 


Use the crypto ca authenticate command to initiate CA authentication procedures. 


Syntax Description 





<name> Specifies a CA profile using an alphanumeric string up to 32 characters. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The type of authentication procedure is based on the enrollment command and its settings. Refer to 
enrollment terminal on page 2049 and enrollment url <url> on page 2050 for more information. When 
enrollment is set to terminal, the CA authentication process is done manually, as shown in the following 
Usage Examples. 


Usage Examples 





The following example initiates the CA authentication process: 


(config)#crypto ca authenticate testCAprofile 


Enter the base 64 encoded CA certificate. End with two consecutive carriage returns or the word “quit” on 
a line by itself: 


MIIDEDCCAs6gAwIBAgICAXIwCwY HKoZl1zjgEAWUAMFoxCzAJBgNVBAY TAkZUMSQw 
IgYDVQQKExtTU0ggQ29tbxX VuaWNhdGlvbnMgU2VjdXJpdHkxETAPBgNVBAsTCFdl 
YiBOZXNOMRIWEAY DVQQDEwIUZXNOIENBIDQWHhcNMDMwMTAS5MTYyNTE1 WhcNMDMx 
MjMxMjM1 OTUSWjBaMQswCQYDVQQGEwWJGSTEKMCIGA1UEChMbU1 NIIENVbW 11 bmi 
YXRpb25zlFNIY3VyaXRS5MREwDwYDVQQLEwhXZWIgdGVzdDESMBAGA1UEAxMJVGVz 
dCBDQSAOMIIBtzCCASsGByqGSM44BAEwggEeAoGBAP To+NdCWh87hOSnuZ7dUL07 
twjiZZwY3beLHnDsERhfN8X0O0ZZcffulKe/IqTrYiu7M5yPUsXQ3u8dbCb6RWFU0A 
T5Nd7/4cNn/hCmhbeb6xqsNZUsOcTZJxvClq8thkNo+gXg5bwoOfiElgxZ/IEbFWL 
UzeO8KgM4izkq0CrGtaFAhUA2+ja4RgbbgT gJk+qT XAxicG/8JMCgYBZvcPMO2/Y 
Zc2sXYyrBPtv6k2ZGGYqxXAUZ98/txm37JwQGafygePJ/640eis VeDcLi2FTjveex 
W5saydjSkK00jxjreRZcUFEDmfRhUtWR8K8tm8mEnB8eg9n09lkWibljinHn7nSMF 
tBBAdbRHyctsr3DyofnieTt3 DY78MDsNbgOBhQACgYEA6EKDS2IxrdMsogHfVvob 
PkDSv2FjOsP5 Tomc/tf9jvvuf6+vj9X Tw+uAg1 BUY/TyjGzAtnRrCvOUkT YoVxRY 
vdDOI3GR2RcyNVdGrhY XWY 115XuB5+NWij8VUQOgfxXsJgbEMvPemECeYwQ4ASdhD 
VwOE8NI2AEkJXSCAVYfXWzujlIZAhMAsGA1 UdDwQEAwIBhjASBgNVHRMBAf8ECDAG 
AQH/AgEyMAsGByqGSM44BAMFAAMVADAsAhRa0ao0FbRQeWCc20C240Z1 YZi8eglU 
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IZhxKAclhXksZHvOj+ylld5x0ec= 


quit 

Hash: 4€904504dc4e5b95e08 1 29430e2a0b97ceef0ad1 394f905b4 2df2dfb8f751be0244a711bb0 
6eddaa2f07dd640c187f14c1 6fa0bed28e038b28b6741 a880539d6ed06a68b7e324bidde6f3d0b1 7 
83d94e58fd4943f5988a7a0f27f6b6b932dc04 10378247 160752853858dbe7al 951245cfb14b109e 
fic430e177623720de56f4 

* Do you accept this certificate? [y]y 
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crypto ca certificate chain <name> 


Use the crypto ca certificate chain command to enter the Certificate Configuration for the specified CA. 
Refer to Certificate Configuration Command Set on page 2056 for more information. 


Syntax Description 


<name> Specifies a CA profile using an alphanumeric string (up to 32 characters). 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Typically used only in the running-config and startup-config to restore certificates. 


Usage Examples 





The following example enters the Certificate Configuration mode for the CA profile MyProfile: 


(config)#crypto ca certificate chain MyProfile 
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crypto ca enroll <name> 


Use the crypto ca enroll command to begin CA enrollment procedures. Use the no form of this command 
to disable this feature. 


Syntax Description 


<name> Specifies a CA profile using an alphanumeric string (up to 32 characters). 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The type of enrollment procedure is based on the enrollment command and its settings. Refer to 
enrollment terminal on page 2049 and enrollment url <url> on page 2050 for more information. This 
command initiates a dialog that is used to fill in the parameters that make up an enrollment request to be 
forwarded to a certificate authority. Note that some of the parameters (such as IP address) may be filled in 
using the values supplied in the crypto ca profile (in which case, the enrollment dialog will not prompt for 
those parameters). Once all required parameters are defined using the dialog, this command assembles 
them into an enrollment request to be sent to a certificate authority (including the generation of public and 
private keys). Refer to crypto ca profile <name> on page 647 for more information. 


If enrollment is set to terminal, you may view the request on the terminal screen. 
If enrollment is set to url, the request is sent automatically to the certificate authority using the URL 


specified by the enrollment url command. 


Usage Examples 





The following example shows a typical enrollment dialog: 


(config)#crypto ca enroll MyProfile 

“™* Press CTRL+C to exit enrollment request dialog. 

* Enter signature algorithm (RSA or DSS) [rsa]:rsa 

* Enter the modulus length to use [512]:1024 

“Enter the subject name as an X.500 (LDAP) DN:CN=Router,C=US,L=Huntsville,S=AL 
--The subject name in the certificate will be CN=CN=Router,C=US,L=Huntsville,S=AL. 

* Include an IP address in the subject name [n]:y 

“Enter IP address or name of interface to use:10.200.1.45 

* Include fully qualified domain name [n]:y 

* Enter the fully qualified domain name to use:FullyQualifiedDomainName 

* Include an email address [n]:y 

“Enter the email address to use:myEmail@adtran.commyemail@email.com 

Generating request (including keys)... 


KKK 
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crypto ca import <name> certificate 


Use the crypto ca import certificate command to import a certificate manually via the console terminal. 


Syntax Description 





<name> Specifies a CA profile using an alphanumeric string (up to 32 characters). 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Puts CLI in mode where the certificate can be entered manually. Enter quit and a carriage return (or simply 
enter two consecutive carriage returns) to exit this mode. Abort this mode by pressing Ctrl-C. This 
command only applies if the enrollment command is set to terminal. Refer to enrollment terminal on page 
2049. 


Usage Examples 





The following example imports a certificate via the console terminal: 


(config)#crypto ca import MyProfile certificate 
Enter the PM-encoded certificate. End with two consecutive 
carriage returns or the word “quit” on a line by itself: 


MIIDWTCCAwOgAwiBAgIKFLCSOgAAAAAAT|ANBgkqhkiG9wOBAQUFADBjJMQswCQYD 
VQQGEwJVUZEQMA4GA1 UECBMHQUxBQkFNQTETMBEGA1UEBxMKSHVudHN2aWxsZTEa 
MBgGA1UEChMRQWROcmFuVGVjaFN1cHBvcnQxETAPBgNVBAMTCHRzcm91dGVyMB4X 
DTAZMDYyNTEOMTM1NVoXDTAZMTIwWNjEONDkxM1owJDEPMA0GA1UEChMGYWROcmFu 
MREwDwyY DVQQDEwhNeVuvdXRicjBCMANDGCSqGSIb3DQEBAQUAADsAMEgCQQClUKgs 
foTalej5m9gk2DMsbC9df3TilBz+7nRx3ZzGw75AQsqEMYeBY5aWi62W59jmxGSE 
WX+E8EwBVbZ6JKk5AgMBAAGjggHWMIIBOj|AXBgNVHREEEDAOhwQKCgokggZNeUZx 
ZG4wHQYDVROOBBYEFJAVBRIjx1 PROnkZ4v0D89yB1 eErMIGcBgNVHSMEgZQwgZGA 
FHGwIRAr11495MgrLNPiLzjvrb4JoWekZT BIMQswCQY DVQQGEwJVUZEQMA4GA1UE 
CBMHQUxBQkFNQTETMBEGA1UEBxMKSHVudHN2aWxsZTEaMBgGA1UEChMRQWROcmFu 
VGVjaFN1cHBvcnQxETAPBgNVBAMTCHRzcm91dGVyghAZql7OwlSgsUhfaSeGhoOt 
MGkGA1UdHwRiIMGAwLaAroCmGJ2h0dHA6Ly90c3JvdXRici9DZXJORW5yb2xsL3Rz 
cm91dGVyLmNybDAvoC2gkK4YpZmlsZTovL1 xcdHNyb38VOZXJcQ2VydEVucm9sbF x0 
c3JvdXRlci5jemwwgY0GCCSGAQUFBWEBBIGAMH4wPAY|IKwYBBQUHMAKGMGh0OdHA6 
Ly90c3UvdXRici9DZXJORW5yb2xsL3Rzcm91dGVyX3Rzcm91dGVyLmNydDA+Bggr 
BgEFBQcwAoYyZmlsZTovL1xcdHNyb3V0ZXJcQ2VydEVucm9sbFx0c3JUvdXRiIcl90 


Success! 
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crypto ca import <name> crl 


Use the crypto ca import crl command to import a CRL manually via the console terminal. 


Syntax Description 





<name> Specifies a CA profile using an alphanumeric string (up to 32 characters). 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Puts CLI in a mode where the CRL can be entered manually. Enter quit and a carriage return (or simply 
enter two consecutive carriage returns) to exit this mode. This command only applies if the enrollment 
command is set to terminal. Refer to enrollment terminal on page 2049. 


Usage Examples 





The following allows you to manually paste in the CA’s CRL: 


(config)#crypto ca import MyProfile crl 
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crypto ca profile <name> 
Use the crypto ca profile command to define a CA and to enter the CA Profile Configuration. Use the no 


form of this command to disable this feature. Refer to CA Profile Configuration Command Set on page 
2045 for more information. 


Syntax Description 





<name> Creates a CA profile using an alphanumeric string (up to 32 characters). 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Use this to specify the type of enrollment, as well as enrollment request parameters. Refer to the 
Functional Notes of the command crypto ca enroll <name> on page 644 for more information. 


Usage Examples 





The following example creates the CA profile called MyProfile and enters the CA Profile Configuration for 
that certificate authority: 


(config)#crypto ca profile MyProfile 
Configuring New CA Profile MyProfile. 
(ca-profile)# 
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crypto ike 


Use the crypto ike command to define the system-level local ID for IKE negotiations and to enter the IKE 
Client or IKE Policy command sets. Use the no form of this command to disable these features. Variations 
of this command include the following: 


crypto ike client configuration pool <name> 
crypto ike local-id address 
crypto ike policy <value> 


Syntax Description 





client configuration pool <name> Creates a local pool, assigns it the name of your choice and 
enters the IKE Client command set. Clients that connect via an 
IKE policy that specifies this pool name will be assigned values 
from this pool. Refer to the section IKE Policy Command Set on 
page 2098 for more information. 


local-id address Sets the local ID during IKE negotiation to be the IP address of 
the interface from which the traffic exits. This setting can be 
overridden on a per-policy basis using the local-id command. 
Refer to /ocal-id on page 2105 for more information. 

policy <value> Creates an IKE policy, assigns the sequence number value of 
your choice, and enters the IKE Policy command set. Refer to 
section [KE Policy Command Set on page 2098 for more 
information. 


Default Values 





There are no default settings for this command. 


Command History 





Release 4.1 Command was introduced. 


Usage Examples 





The following example creates an IKE policy with a policy priority setting of 1 and enters the IKE Policy for 
that policy: 


(config)#crypto ike policy 1 
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Technology Review 





The following example configures an AOS product for VPN using IKE aggressive mode with preshared 
keys. The AOS product can be set to initiate IKE negotiation in main mode or aggressive mode. The 
product can be set to respond to IKE negotiation in main mode, aggressive mode, or any mode. In this 
example, the device is configured to initiate in aggressive mode and to respond to any mode. 


This example assumes that the AOS product has been configured with a WAN IP address of 63.97.45.57 
on interface ppp 1 and a LAN IP address of 10.10.10.254 on interface ethernet 0/1. The peer private IP 
Subnet is 10.10.20.0. 


For more detailed information on VPN configuration, refer to the VPN Configuration Guide located on the 
AOS Documentation CD provided with your unit. 


Step 1: 
Enter the Global Configuration mode (i.e., config terminal mode). 


>enable 
#configure terminal 


Step 2: 
Enable VPN support using the ip crypto command. This command allows crypto maps to be applied to 
interfaces, and enables the IKE server to listen for IKE negotiation sessions on UDP port 500. 


(config)#ip crypto 


Step 3: 

Set the local ID. During IKE negotiation, local IDs are exchanged between the local device and the peer 
device. In AOS, the default setting for all local IDs are configured by the crypto ike local-id command. 
The default setting is for all local IDs to be the IPv4 address of the interface over which the IKE negotiation 
is occurring. In the future, a unique system-wide host name or fully qualified domain name (FQDN) could 
be used for all IKE negotiation. 


(config)#crypto ike local-id address 


Step 4: 

Create IKE policy. In order to use IKE negotiation, an IKE policy must be created. Within the system, a list 
of IKE policies is maintained. Each IKE policy is given a priority number in the system. That priority number 
defines the position of that IKE policy within the system list. When IKE negotiation is needed, the system 
searches through the list, starting with the policy with priority of 1, looking for a match to the peer IP 
address. 


An individual IKE policy can override the system local ID setting by having the local-id command specified 
in the IKE policy definition. This command in the IKE policy is used to specify the type of local ID and the 
local ID data. The type can be of IPv4 address, FQDN, or user-specified FQDN. 
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An IKE policy may specify one or more peer IP addresses that will be allowed to connect to this system. To 
specify multiple unique peer IP addresses, the peer A.B.C.D command is used multiple times within a 
single IKE policy. To specify that all possible peers can use a default IKE policy, the peer any command is 
given instead of the peer A.B.C.D command inside of the IKE policy. The policy with the peer any 
command specified will match to any peer IP address (and, therefore, should be given the highest 
numerical priority number). This will make the policy the last one to be compared against during IKE 
negotiation. 


(config)#crypto ike policy 10 
(config-ike)#no local-id 
(config-ike)#peer 63.105.15.129 
(config-ike)#initiate aggressive 
(config-ike)#respond anymode 
(config-ike)#attribute 10 
(config-ike-attribute)#encryption 3des 
(config-ike-attribute)#hash sha 
(config-ike-attribute)#authentication pre-share 
(config-ike-attribute)#group 1 
(config-ike-attribute)#lifetime 86400 


Step 5: 

Define the remote ID settings. The crypto ike remote-id command is used to define the remote ID for a 
peer connecting to the system, specify the preshared-key associated with the specific remote ID, and 
(optionally) determine that the peer matching this remote ID should not use mode config (by using the 
no-mode-config keyword). Refer to crypto ike remote-id on page 652 for more information. 


(config)#crypto ike remote-id address 63.105.15.129 preshared-key mysecret1 23 


Step 6: 

Define the transform-set. A transform set defines the encryption and/or authentication algorithms to be 
used to secure the data transmitted over the VPN tunnel. Multiple transform sets may be defined in a 
system. Once a transform set is defined, many different crypto maps within the system can reference it. In 
this example, a transform set named highly_secure has been created. This transform set defines ESP 
with authentication implemented using 3DES encryption and SHA1 authentication. 


(config)#crypto ipsec transform-set highly_secure esp-3des esp-sha-hmac 
(cfg-crypto-trans)#mode tunnel 


Step 7: 

Define an IP access list. An extended access control list is used to specify which traffic needs to be sent 
securely over the VPN tunnel. The entries in the list are defined with respect to the local system. The 
source IP address will be the source of the traffic to be encrypted. The destination IP address will be the 
receiver of the data on the other side of the VPN tunnel. 


(config)#ip access-list extended corporate_traffic 
(config-ext-nacl)#permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log deny ip any any 
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Step 8: 

Create crypto map. A crypto map is used to define a set of encryption schemes to be used for a given 
interface. A crypto map entry has a unique index within the crypto map set. The crypto map entry will 
specify whether IKE is used to generate encryption keys or if manually specified keys will be used. The 
crypto map entry will also specify who will be terminating the VPN tunnel, as well as which transform set or 
sets will be used to encrypt and/or authenticate the traffic on that VPN tunnel. It also specifies the lifetime 
of all created IPSec security associations. 


(config)#crypto map corporate_vpn 1 ipsec-ike 
(config-crypto-map)#match address corporate_traffic 
(config-crypto-map)#set peer 63.105.15.129 

(config-crypto-map)#set transform-set highly_secure 
(config-crypto-map)#set security-association lifetime kilobytes 8000 
(config-crypto-map)#set security-association lifetime seconds 28800 
(config-crypto-map)#no set pfs 


Step 9: 

Configure a public interface. This process includes configuring the IP address for the interface and 
applying the appropriate crypto map to the interface. Crypto maps are applied to the interface on which 
encrypted traffic will be transmitted. 


config)#interface ppp 1 

config-ppp 1)#ip address 63.97.45.57 255.255.255.248 
config-ppp 1)#crypto map corporate_vpn 

config-ppp 1)#no shutdown 


aN aN 


Step 10: 
Configure a private interface. This process allows all traffic destined for the VPN tunnel to be routed to the 
appropriate gateway. 


config)#interface ethernet 0/1 

config-eth 0/1)#ip address 10.10.10.254 255.255.255.0 
config-eth 0/1)#no shutdown 

config-eth 0/1)#exit 


a OTN aN 
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crypto ike remote-id 


Use the crypto ike remote-id command to specify the remote ID and to associate a preshared key with the 
remote ID. Use the no form of this command to disable these features. Variations of this command include 
the following: 


crypto ike remote-id address <ip address> 

crypto ike remote-id address <ip address> <option> 
crypto ike remote-id any 

crypto ike remote-id any <option> 

crytpo ike remote-id asn1-dn <name> 

crypto ike remote-id asn1-dn <name> <option> 
crypto ike remote-id fqdn <name> 

crypto ike remote-id fqdn <name> <option> 

crypto ike remote-id user-fqdn <name> 

crypto ike remote-id user-fqdn <name> <option> 





to be activated. 


Wor The AOS VPN feature must be enabled (using the ip crypto command) for the VPN tunnel 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘one the AOS Documentation CD provided with your unit. 








Syntax Description 





address <ip address> Specifies a valid remote IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 
10.10.10.1). 

any Allows any remote ID (type and value). 

asni-dn <name> Specifies an abstract syntax notation distinguished name as 


the remote ID (enter this value in LDAP format). 


fqdn <name> Specifies a fully qualified domain name (FQDN) (e.g., 
adtran.com) as the remote ID. 


user-fqdn <name> Specifies a user FQDN or email address (e.g., 
user1@aditran.com) as the remote ID. 


<option> Specifies an optional parameter corresponding to this remote 
ID. Optional parameters include the following list: 


<wildcard mask> Optional. Specifies the wildcard mask that corresponds to a 
range of IP addresses (network) or a specific host. Wildcard 
masks are expressed in dotted decimal notation (for 
example, 0.0.0.255). 
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number this remote ID corresponds to. 


crypto map <name> <number> Optional. Specifies the crypto map name and sequence 

ike policy <va/lue> Optional. Specifies the IKE policy sequence number value 
this remote ID corresponds to. 

preshared-key <key> Optional. Associates a preshared key with this remote ID. 

no-mode-config Optional. Specifies that the peer matching this remote ID 


should not use mode config. 


no-xauth Optional. Specifies that the peer matching this remote ID 
should not use Xauth. 


nat-t [v1 | v2] [allow | force | disable] Optional. Denotes whether peers matching this remote ID 


should allow, disable, or force NAT traversal versions 1 or 2. 


Default Values 





There are no default settings for this command. 


Command History 





Release 4.1 Command was introduced. 

Release 5.1 Command was expanded to include the any, asn1-dn, and no-xauth 
subcommands. 

Release 7.1 Command was expanded to include NAT traversal commands. 


Functional Notes 





The fqdn and user-fqdn <fqdn> line can include wildcard characters. The wildcard characters are “*” fora 
0 or more character match and “?” for a single character match. Currently, the “?” cannot be set up using 


the CLI, but it can be transferred to the unit via the startup-config. 
Example for user-fqdn: 


john*@domain.com 


will match: 


johndoe@domain.com 
johnjohn@adtran.comjohnjohn@myemail.com 
john@adtran.comjohn@myemail.com 


Example for fqdn: 


* domain.com 


will match: 


www.domain.com 
ftp.domain.com 
one.www.domain.com 
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The address remote ID can be in the form of a single host address or in the form of an IP address 
wildcard. 


Example for address type: 


crypto ike remote id address 10.10.10.0 0.0.0.255 


will match: 


10.10.10.1 
10.10.10.2 
and all IP addresses in the form of 10.10.10.X (where X is 0 to 255) 


The asni-dn <name> line can include wildcard characters. The wildcard characters are “*” for a 0 or more 
character match and “?” for a single character match. Currently, the “?” cannot be set up using the CLI, but 
it can be transferred to the unit via the startup-config. 


Example for typical asn1-dn format with no wildcards: 


crypto ike remote-id asn1-dn “CN=MyRouter, C=US, S=ALCA, L=Hunisville, O=Adtran, 
OU=TechSupport” 
(matches only remote ID strings with all fields exactly the same) 


Example for typical asn1-dn format with wildcards used to match a string within a field: 
crypto ike remote-id asn1-dn “CN=*, C=*, S=*, L=*, O=*, OU=*” 
(matches any asn1-dn remote ID string from a peer) 


Example for typical asn1-dn format with wildcards used to match a portion of the remote ID: 


crypto ike remote-id asn1-dn “CN=*, C=US, S=ALCA, L=Huntsville, O=Adtran, OU=*” 
(matches any remote ID string with the same values for the C, S, L, and O fields, and any values in the CN 
and OU fields) 


Example for typical asn1-dn format with wildcards used to match a portion of a field: 


crypto ike remote-id asn1-dn “CN=My*, C=US, S=ALCA, L=Huntsville, O0=Adtran, OU=TechSupport” 
(matches remote ID strings with all fields exactly the same, but with any CN field beginning with “My’”) 


Usage Examples 





The following example assigns a remote ID of 63.97.45.57 and associates the preshared key mysecret 
with the remote ID: 


(config)#crypto ike remote-id address 63.97.45.57 preshared-key mysecret 
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crypto ipsec transform-set <name> <parameters> 


Use the crypto ipsec transform-set command to define the transform configuration for securing data 
(e.g., esp-3des, esp-sha-hmac, etc.). The transform set is then assigned to a crypto map using the map’s 
set transform-set command. Refer to set transform-set on page 2076. Use the no form of this command to 
disable this feature. 





the AOS Documentation CD provided with your unit. 


Wor For VPN configuration example scripts, refer to the VPN Configuration Guide located on 





Syntax Description 





<name> Assigns a name to the transform set you are about to define. 
<parameters> Assigns a combination of up to three security algorithms from the following 
list: 


¢ ah-md5-hmac, ah-sha-hmac 


* esp-des, esp-3des, esp-aes-128-cbc, esp-aes-192-cbc, 
esp-aes-256-cbc, esp-null 


* esp-md5-hmac, esp-sha-hmac 


Default Values 





There are no default settings for this command. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





Crypto map entries do not directly contain the transform configuration for securing data. Instead, the crypto 
map is associated with transform sets which contain specific security algorithms. 


If no transform set is configured for a crypto map, the entry is incomplete and will have no effect on the 
system. 


Usage Examples 





The following example first creates a transform set (Set1) consisting of two security algorithms (up to three 
may be defined), and then assigns the transform set to a crypto map (Map1): 


config)#crypto ipsec transform-set Set1 esp-3des esp-sha-hmac 
cfg-crypto-trans)#exit 

config)#crypto map Map1 1 ipsec-ike 

config-crypto-map)#set transform-set Set1 


anon ean mm 
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crypto map 


Use the crypto map command to define crypto map names and numbers and to enter the associated mode 
(either Crypto Map IKE or Crypto Map Manual). Use the no form of this command to disable this feature. 
Variations of this command include the following: 


crypto map <name> <index> ipsec-ike 
crypto map <name> <index> ipsec-manual 





Wor For VPN configuration example scripts, refer to the VPN Configuration Guide located on 


the AOS Documentation CD provided with your unit. 





Syntax Description 





<name> Names the crypto map. You can assign the same name to multiple crypto 
maps, as long as the map index numbers are unique. 

<index> Assigns a crypto map sequence number. 

ipsec-ike Specifies the crypto map IKE (refer to Crypto Map IKE Command Set on 


page 2060). This supports IPSec entries that will use IKE to negotiate keys. 


ipsec-manual Specifies the crypto map manual (refer to Crypto Map Manual Command 
Set on page 2077). This supports manually configured IPSec entries. 


Default Values 





There are no default settings for this command. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





Crypto map entries do not directly contain the transform configuration for securing data. Instead, the crypto 
map is associated with transform sets that contain specific security algorithms (refer to crypto ipsec 
transform-set <name> <parameters> on page 655). 


Crypto map entries do not directly contain the selectors used to determine which data to secure. Instead, 
the crypto map entry refers to an access control list. An access control list is assigned to the crypto map 
using the match address command (refer to ike-policy <number> on page 2064). 


If no transform set or access list is configured for a crypto map, the entry is incomplete and will have no 
effect on the system. 


When you apply a crypto map to an interface (using the crypto map command within the interface’s 
mode), you are applying all crypto maps with the given map name. This allows you to apply multiple crypto 
maps if you have created maps that share the same name, but have different map index numbers. 
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Usage Examples 





The following example creates a new IPSec IKE crypto map called testMap with a map index of 10: 


(config)#crypto map testMap 10 ipsec-ike 
(config-crypto-map)# 


Technology Review 





A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types 
of crypto map entries: ipsec-manual and ipsec-ike. Each entry is given an index that is used to sort the 
ordered list. When a nonsecured packet arrives on an interface, the crypto map set associated with that 
interface is processed in order. If a crypto map entry matches the nonsecured traffic, the traffic is 
discarded. 


When a packet is to be transmitted on an interface, the crypto map set associated with that interface is 
processed in order. The first crypto map entry that matches the packet will be used to secure the packet. If 
a suitable security association (SA) exists, it is used for transmission. Otherwise, IKE is used to establish 
an SA with the peer. If no SA exists, and the crypto map entry is “respond only,” the packet is discarded. 


When a secured packet arrives on an interface, its security parameter index (SPI) is used to look up an SA. 
If an SA does not exist, or if the packet fails any of the security checks (bad authentication, traffic does not 
match SA selectors, etc.), it is discarded. If all checks pass, the packet is forwarded normally. 
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data-call 


Use the data-call commands to set the preauthentication defaults for inbound demand routing calls. Use 
the no form of these commands to return to the default settings. Variations of this command include: 


data-call authentication protocol chap 
data-call authentication protocol pap 
data-call mtu <number> 

data-call multilink 

data-call sent authentication protocol chap 
data-call sent authentication protocol pap 


Syntax Description 





authentication protocol Sets the authentication protocol expected for inbound calls. For more 
detailed information on CHAP and PAP, refer to the Technology Review 
section of the command ppp authentication on page 1823. 


chap Configures CHAP authentication. 
pap Configures PAP authentication. 
mtu <number> Sets the maximum size for the transmit unit. Valid range is 64 to 1520. 


Refer to the mtu <size> on page 1821 for more detailed syntax 
descriptions. 


multilink Enables the negotiation of multilink MRU size for inbound calls. 


sent authentication protocol Sets the authentication protocol sent for inbound calls. For more 
detailed information on CHAP and PAP, refer to the Technology Review 
section of the command ppp authentication on page 1823. 


Default Values 


By default, the authentication protocol is not configured, multilink is disabled, and the MTU size is 1500. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





There are certain PPP parameters that must be known before PPP can negotiate an inbound call when 
using demand routing. To ensure PPP convergence, it is recommended (in most cases) that demand 
routing interfaces use the same settings as those specified in the data-call commands. The data-call mtu 
<number> command sets the MTU and controls the negotiated maximum receive unit (MRU) size during 
incoming calls for Link Control Protocol (LCP) negotiation. If the PPP parameters do not match the 
authenticated user, the link is renegotiated. 
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Usage Examples 





The following example sets the authentication protocol expected for incoming calls to CHAP. The router 
will then authenticate the peer using CHAP: 


(config)#data-call authentication protocol chap 


The following example specifies an MTU of 1200 on the demand routing interface: 


(config)#data-call mtu 1200 
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dot11ap access-point-controller 


Use the dotllap access-point-controller command to globally enable the access point controller logic on 
the platform. Use the no form of this command to disable the AC logic on the platform. 


Syntax Description 


No subcommanads. 


Default Values 
By default, the AC logic is disabled. 





Command History 





Release 15.1 Command was introduced. 


Functional Notes 





The AC logic is currently supported on the following platforms: NetVanta 1335, NetVanta 3100 Series, and 
NetVanta 3400 Series. 


Usage Examples 





The following example enables the AC logic: 


(config)#dot11ap access-point-controller 
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enable password <password> 


Use the enable password command to define a password (with optional encryption) for accessing the 
Enable mode. Use the no enable password command to remove a configured password. Variations of this 
command include: 


enable password md5 <password> 
enable password <password> 





Wor To prevent unauthorized users from accessing the configuration functions of your device, 


immediately define an Enable-level password. 





Syntax Description 





md5 Optional. Specifies message digest 5 (MD5) as the encryption protocol to 
use when displaying the Enable password during show commands. If the 
md5 keyword is not used, encryption is not used when displaying the 
Enable password during show commands. 


<password> Specifies the Enable password using a string (up to 30 characters in 
length). 


Default Values 





By default, there is no password configured for the Enable mode. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





To provide extra security, AOS can encrypt the Enable password when displaying the current configuration. 
For example, the following is a show configuration printout (password portion) with an unencrypted 
Enable password (ADTRAN): 


enable password ADTRAN 
! 


Alternately, the following is a show configuration printout (password portion) with an Enable password of 
ADTRAN using MD5 encryption: 
! 


enable password md5 encrypted 5aa5fbae7d01a90e79fb57705ce74676 
! 
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event-history on 


Use the event-history on command to enable event logging for the AOS system. Event log messages will 
not be recorded unless this command has been issued (regardless of the event-history priority 
configured). The event log may be displayed using the show event-history command. Use the no form of 
this command to disable the event log. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the AOS event logging capabilities are disabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The event history provides useful information regarding the status of the system and individual port states. 
Use the event history as a troubleshooting tool when identifying system issues. The following is a sample 
event history log. 


#show event-history 

Using 526 bytes 

2002.07.12 15:34:01 T1.t1 1/1 Yellow 

2002.07.12 15:34:01 INTERFACE_STATUS.t1 1/1 changed state to down. 
2002.07.12 15:34:02 T1.t1 1/1 No Alarms 

2002.07.12 15:34:02 INTERFACE_STATUS.t1 1/1 changed state to up. 
2002.07.12 15:34:03 INTERFACE_STATUS.eth 0/1 changed state to up. 
2002.07.12 15:34:10 OPERATING_SYSTEM Warm Start 

2002.07.12 15:34:12 PPP.NEGOTIATION LCP up 

2002.07.12 15:34:12 PPP.NEGOTIATION IPCP up 


Usage Examples 





The following example enables the AOS event logging feature: 


(config)#event-history on 
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event-history priority 


Use the event-history priority command to set the threshold for events stored in the event history. All 
events with the specified priority or higher will be kept for viewing in the local event log. The event log 
may be displayed using the show event-history command. Use the no form of this command to keep 
specified priorities from being logged. Variations of this command include: 


event-history priority error 
event-history priority fatal 
event-history priority info 
event-history priority notice 
event-history priority warning 


Syntax Description 





error Logs events with error and fatal priorities. 

fatal Logs only events with a fatal priority. 

info Logs all events. 

notice Logs events with notice, warning, error, and fatal priorities. 
warning Logs events with warning, error, and fatal priorities. 


Default Values 





By default, no event messages are logged to the event history. 


Command History 


Release 1.1 Command was introduced. 


Functional Notes 





The event history provides useful information regarding the status of the system and individual port states. 
Use the event history as a troubleshooting tool when identifying system issues. The following is a sample 
event history log. 


Router#show event-history 

Using 526 bytes 

2002.07.12 15:34:01 T1.t1 1/1 Yellow 

2002.07.12 15:34:01 INTERFACE_STATUS.t1 1/1 changed state to down. 
2002.07.12 15:34:02 T1.t1 1/1 No Alarms 

2002.07.12 15:34:02 INTERFACE_STATUS.t1 1/1 changed state to up. 
2002.07.12 15:34:03 INTERFACE_STATUS.eth 0/1 changed state to up. 
2002.07.12 15:34:10 OPERATING_SYSTEM Warm Start 

2002.07.12 15:34:12 PPP.NEGOTIATION LCP up 

2002.07.12 15:34:12 PPP.NEGOTIATION IPCP up 
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Usage Examples 





The following example logs all events to the event history: 


(config)#event-history priority info 
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exception memory minimum <value> 


Use the exception memory minimum command to initiate a reboot when the specified minimum amount 
of memory is no longer available. This ensures that adequate memory is available to store an exception 
report. Use the no form of this command to disable rebooting when the minimum memory limitation is 
violated. 





ADTRAN recommends only using this command if advised by ADTRAN Technical Support. 


Executing the exception memory minimum command may cause the unit to reboot. 
UT! 





Syntax Description 





<value> Specifies the minimum amount of memory (in bytes) that must be free 
before a reboot occurs. 


Default Values 





By default, exception memory minimum is disabled. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example sets the exception memory minimum to 3 MB: 


(config)#exception memory minimum 30000000 
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exception report 


Use the exception report command to specify the name of the output file for the exception report. Use the 
no form of this command to return to the default setting. Variations of this command include: 


exception report 
exception report file-name </filename> 


Syntax Description 





file-name <filename> Optional. Specifies a file name for the exception report other than the 
default file name. 


Default Values 





By default, the exception report file name is exception report-yyyyMMddHHmmss. (The 
yyyyMMddHHmmss will be automatically replaced with the actual year, month, day, hour, minutes, and 
seconds.) 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example specifies example as the name of the output file for an exception report: 


(config)#exception report file-name example 
(config)#exit 
#exception report generate 
Exception report generated. 
#show flash 
1744 startup-config 
45676 example-20050708080537 
#config t 
(config)#no exception report file-name 
(config)#exit 
Appropriate commands must be issued to preserve configuration. 
#exception report generate 
Exception report generated. 
#show flash 
1744 startup-config 
45676 example-20050708080537 
45900 exception-report-20050708080552 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 666 


Command Reference Guide Global Configuration Mode Command Set 





ftp authentication <name> 


Use the ftp authentication command to attach AAA login authentication lists to the File Transfer Protocol 
(FTP) server (refer to aaa authorization commands <level> on page 613 for more information). This list is 
only used if the authentication, authorization, and accounting (AAA) subsystem has been activated with 
the aaa on command. Use the no form of this command to return to the default setting. 


Syntax Description 





<name> Specifies the named list created with the aaa authentication login 
command. Enter default to use the AAA default login list. 


Default Values 





There is no default configuration for the list. If AAA is turned on but no ftp authentication list has been 
assigned, FTP denies all login attempts. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example attaches the authentication list, MyList, to the FTP server: 


(config)#ftp authentication MyList 


The following example specifies that AOS use the default AAA login list for FTP authentication: 


(config)#ftp authentication default 
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garp timer <value> 


Use the garp timer command to adjust the timers used in all Generic Attribute Registration Protocol 
(GARP) applications (currently only GVRP) on the switch. Use the no form of this command to return to 
the default settings. Variations of this command include: 


garp timer join <value> 
garp timer leave <value> 
garp timer leaveall <value> 


Syntax Description 





join <value> Specifies the timer value (in milliseconds) between GARP application join 
messages. 
leave <value> Specifies the timer value (in milliseconds) between GARP application leave 


messages (must be at least three times longer than the join timer). 


leaveall <value> Specifies the timer value (in milliseconds) between GARP application leave 
all messages (must be greater than the leave timer). 


Default Values 


By default, the join timer is 200 milliseconds, the leave timer is 600 milliseconds, and the leaveall timer is 
10,000 milliseconds. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





All devices communicating using GARP in the network need to have the same values for these timers. 
Changing these values is not recommended. 


Usage Examples 





The following example specifies the time (in milliseconds) between GARP application leave all messages: 


(config)#garp timer leaveall 20000 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 668 


Command Reference Guide Global Configuration Mode Command Set 





gvrp 


Use the gvrp command to enable GARP VLAN Registration Protocol (GVRP) on the switch globally. Use 
the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 
By default, GVRP is disabled. 





Command History 





Release 8.1 Command was introduced. 


Functional Notes 
Disabling GVRP globally will disable GVRP on all interfaces. 





Usage Examples 





The following example enables GVRP on the switch globally: 


(config)#gvrp 
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hostname <name> 
Use the hostname command to create a name used to identify the unit. This alphanumeric string should be 


used as a unique description for the unit. This string will be displayed in all prompts. Use the no form of 
this command to remove a host name. 


Syntax Description 





<name> Identifies the unit using an alphanumeric string up to 32 characters. 


Default Values 





By default, the host name is router. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example creates a host name for the AOS device of ATL_RTR to identify the system as the 
Atlanta router: 


(config)#hostname ATL_RTR 
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interface range <interface type> <slot/port> - <slot/port> 


Use the interface range command to enter configuration mode for a range of interfaces. 


Syntax Description 





<interface type> Specifies the interface type (e.g., Ethernet, Gigabit Ethernet, etc.). Type 
interface range ? for a complete list of valid interfaces. 


<slot/port> Specifies the slot/port number of the first interface in the desired range of 
interfaces to be configured, followed by a hyphen (-) or a comma (,). 


<slot/port> Specifies the slot/port number of the last interface in the desired range of 
interfaces to be configured. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 11.1 Command was expanded to include FXO range. 
Release 14.1 Command was expanded to include Gigabit Ethernet interfaces. 


Functional Notes 





All configuration changes made in this mode will apply to all interfaces in the range specified. 


Usage Examples 





The following example selects seven consecutive Ethernet ports for configuration: 
(config)#interface range eth 0/3-0/12 

(config-eth 0/3-12)# 

The following example selects nonconsecutive Ethernet ports for configuration: 


(config)#interface range eth 0/14, 0/16, 0/18 
(config-eth 0/14, 0/16, 0/18)# 
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ip 
Use the ip command to specify alternate Transmission Control Protocol (TCP) ports for secure shell (SSH) 


and Telnet servers. Use the no form of this command to return to default settings. Variations of this 
command include: 


ip ssh-server <port> 
ip telnet-server <port> 


Syntax Description 





ssh server <port> Configures the SSH server to listen on an alternate TCP port. 
telnet server <port> Configures the Telnet server to listen on an alternate TCP port. 


Default Values 





By default, the SSH server listens on TCP port 22 and Telnet listens on TCP port 23. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





SSH is a newer version of Telnet that allows you to run command line and graphical applications (as well 
as, transfer files) over an encrypted connection. 


Usage Examples 





The following example configures the Telnet server to listen on TCP port 2323, instead of the default port 
23: 


(config)#ip telnet-server 2323 


The following example configures the SSH server to listen on TCP port 2200, instead of the default port 22: 
(config)#ip ssh-server 2200 


To return to the default settings, use the no version of the command. For example: 


(config)#no ip ssh-server 2200 
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ip access-list extended <name> 


Use the ip access-list extended command to create an empty access control list (ACL) and enter the 
Extended Access List command set. Use the no form of this command to delete an ACL and all the entries 
contained in it. For more information on using ACLs with the AOS firewall, refer to ip policy-class 
<name> <action> on page 744. The following lists the complete syntax for the ip access-list extended 
commands: 


(config)#ip access-list extended <name> 
(config-ext-nacl)#<action> <protocol> <source> <source port> <destination> <destination port> <detail> 


Syntax Description 





<name> Names the configured ACL using an alphanumeric descriptor. All ACL 
descriptors are case sensitive. 


<action> permit Permits entry to the routing system for specified packets. 
deny Denies entry to the routing system for specified packets. 


remark Associates a descriptive tag (up to 80 alphanumeric characters 
enclosed in quotation marks) to the ACL. Enter a functional 
description for the list, such as “This list blocks all outbound 


Web traffic.” 
<protocol> Specifies the data protocol ip, icmp, tcp, udp, ahp, esp, gre, or a specific 
protocol. Range is 0 to 255. 
<source> Specifies the source used for packet matching. Sources can be expressed 


in one of five ways: 
Using the keyword any to match any IP address. 


2. Using host <ip address> to specify a single host address. IP addresses 
should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


3. Using the <ip address> <wildcard mask> format to match all IP 
addresses in a range. The wildcard mask corresponds to a range of IP 
addresses (network) or a specific host. Wildcard masks are expressed 
in dotted decimal notation (for example, 0.0.0.255). 


4. Using the keyword hostname to match based on a DNS name. The 
unit must be configured with DNS servers for this function to work. 


5. Using vrf <name> associates a nondefault VRF with the DNS host 
name specified in the source or destination. The VRF is required if the 
router’s DNS server is on a nondefault VRF. This parameter can only be 
used with the hostname source. 


<source port> Optional. The source port is used only when <protocol> is tep or udp. The 
following keywords and port numbers/names are supported for the 
<source port> field: 
any Matches any destination port. 


eq <port number/name> Matches only packets equal to specified port 
number. 
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gt <port number/name> 


It <port number/name> 


neq <port number/name> 


Matches only packets with a port number 
greater than the specified port number. 
Matches only packets with a port number less 
than the specified port number. 


Matches only packets that are not equal to the 
specified port number. 


range <port number/name> Matches only packets that contain a port 


<port number> 


<port name> 


number in the specified range. 

Specifies the port number used by TCP or 
UDP to pass information to upper layers using 
the following syntax: <0-65535>. All ports 
below 1024 are considered well-known ports, 
and are controlled by the Internet Assigned 
Numbers Authority (IANA). All ports above 
1024 are dynamically assigned ports that 
include registered ports for vendor-specific 
applications. 

The following UDP port numbers can be 
specified using the associated names: 

biff (Port 512) ntp (Port 123) 

bootpc (Port 68) pim-auto-rp (Port 496) 
bootps (Port 67) rip (Port 520) 

discard (Port 9) snmp (Port 161) 
dnsix (Port 195) snmptrap (Port 162) 
domain (Port 53) 
echo (Port 7) 


sunrpe (Port 111) 
syslog (Port 514) 
isakmp (Port 500) tacacs (Port 49) 
mobile-ip (Port 434) talk (Port 517) 
nameserver (Port 42) tftp (Port 69) 
netbios-dgm (Port 138)time (Port 37) 
netbios-ns (Port 137) who (Port 513) 
netbios-ss (Port 139) xdmep (Port 177) 


The following TCP port numbers can be 
specified using the associated names: 


bgp (Port 179) Ipd (Port 515) 
chargen (Port 19) nntp (Port 119) 

cmd (Port 514) pim-auto-rp (Port 496) 
daytime (Port 13) pop2 (Port 109) 
discard (Port 9) pops (Port 110) 
domain (Port 53) smtp (Port 25) 

echo (Port 7) sunrpce (Port 111) 
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<destination> 


<destination port> 


<detail> 


Default Values 


exec (Port 512) syslog (Port 514) 
finger (Port 79) tacacs (Port 49) 
ftp (Port 21) talk (Port 517) 


gopher (Port 70) tftp (Port 69) 
hostname (Port 101) telnet (Port 23) 


ident (Port 113) time (Port 37) 
irc (Port 194) uucp (Port 540) 
klogin (Port 543) whois (Port 43) 
kshell (Port 544) www (Port 80) 


login (Port 513) 


Specifies the destination used for packet matching. Destinations can be 
expressed in one of five ways: 


1. Using the keyword any to match any IP address. 


2. Using host <ip address> to specify a single host address. IP addresses 
should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


3. Using the <ip address> <wildcard mask> format to match all IP 
addresses in a range. The wildcard mask corresponds to a range of IP 
addresses (network) or a specific host. Wildcard masks are expressed 
in dotted decimal notation (for example, 0.0.0.255). 


4. Using the keyword hostname to match based on a DNS name. The unit 
must be configured with DNS servers for this function to work. 


5. Using vrf <name> associates a nondefault VRF with the DNS host 
name specified in the source or destination. The VRF is required if the 
router’s DNS server is on a nondefault VRF. This parameter can only be 
used with the hostname source. 

Optional. Specifies the destination port. Only valid when <protocol> is tep 

or udp. The same keywords and port numbers/names used for the 

<source port> field are valid for the <destination port> field. Refer to 
previously listed <source port> for more details. 


Optional. Further specifies the parameters for the ACL entry. 


log Enables logging of any packets that match the 
ACL entry. 
track <track name> Makes the ACL entry dependant upon a track. 


By default, all AOS security features are disabled, and there are no configured ACLs. 


Command History 





Release 2.1 
Release 16.1 


Command was introduced. 
Command was expanded to include log, track, and VRF parameters. 
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Functional Notes 





Access control lists (ACLs) are used as packet selectors by different AOS features (firewall, VPN, QoS); by 
themselves they do nothing. ACLs are composed of an ordered list of entries with an implicit deny all at 
the end of each list. An ACL entry contains two parts: an action (permit or deny) and a packet pattern. A 
permit ACL is used to match packets (meeting the specified pattern) to enter the router system. A deny 
ACL advances AOS to the next access policy entry. AOS provides two types of ACLs: standard and 
extended. Standard ACLs match based on the source of the packet. Extended ACLs match based on the 
source and destination of the packet. 


ACLs are performed in order from the top of the list down. Generally, the most specific entries should be at 
the top and the more general at the bottom. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 


The following example creates an ACL AllowIKE to allow all IKE (UDP Port 500) packets from the 
190.72.22.55.0/24 network: 


(config)#ip access-list extended AllowlKE 
(config-ext-nacl)#permit udp 190.72.22.55 0.0.0.255 eq 500 any eq 500 


The following example creates an entry in the MatchAll ACL to permit ip packets from host name 
www.adtran.com using the nondefault VRF RED to resolve the DNS host name with any destination: 


(config)#ip access-list extended MatchAll 
(config-ext-nacl)#permit ip hostname www.adtran.com vrf RED any 


Refer to the AOS Documentation CD or the ADTRAN website (www.adtran.com) for more ACL 
configuration details. 
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ip access-list standard <name> 


Use the ip access-list standard command to create an empty access control list (ACL) and enter the 
Standard Access List command set. Use the no form of this command to delete an ACL and all the entries 
contained in it. For more information on using ACLs with the AOS firewall, refer to ip policy-class 
<name> <action> on page 744. The following lists the complete syntax for the ip access-list standard 
commands: 


(config)#ip access-list standard <name> 
(config-std-nacl)#<action> <source> <detail> 


Syntax Description 





<name> Identifies the configured ACL using an alphanumeric descriptor. All ACL descriptors 
are case sensitive. 


<action> permit Permits entry to the routing system for specified packets. 
deny Denies entry to the routing system for specified packets. 


remark Associates a descriptive tag (up to 80 alphanumeric characters enclosed in 
quotation marks) to the ACL. Enter a functional description for the list, such 
as “This list blocks all outbound Web traffic.” 


<source> Specifies the source used for packet matching. Sources can be expressed in one of 
five ways: 


1. Using the keyword any to match any IP address. 


2. Using host </p address> to specify a single host address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


3. Using the <ip address> <wildcard mask> format to match all IP addresses ina 
range. The wildcard mask corresponds to a range of IP addresses (network) ora 
specific host. Wildcard masks are expressed in dotted decimal notation (for 
example, 0.0.0.255). 


4. Using the keyword hostname to match based on a DNS name. The unit must be 
configured with DNS servers for this function to work. 


5. Using vrf <name> associates a nondefault VRF with the DNS host name for the 
source. The VRF is required if the router’s DNS server is on a nondefault VRF. 
This parameter can only be used with the hostname source. 


<detail> Optional. Further specifies the parameters for the ACL entry. 
log Enables logging of any packets that match the ACL entry. 
track <track name>Makes the ACL entry dependant upon a track. 


Default Values 





By default, all AOS security features are disabled, and there are no configured ACLs. 
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Command History 





Release 2.1 Command was introduced. 
Release 16.1 Command was expanded to include log, track, and VRF parameters. 


Functional Notes 





Access control lists (ACLs) are used as packet selectors by different AOS features (firewall, VPN, QoS); by 
themselves they do nothing. ACLs are composed of an ordered list of entries with an implicit deny all at 
the end of each list. An ACL entry contains two parts: an action (permit or deny) and a packet pattern. A 
permit ACL is used to match packets (meeting the specified pattern) to enter the router system. A deny 
ACL advances AOS to the next access policy entry. AOS provides two types of ACLs: standard and 
extended. Standard ACLs match based on the source of the packet. Extended ACLs match based on the 
source and destination of the packet. 


ACLs are performed in order from the top of the list down. Generally, the most specific entries should be at 
the top and the more general at the bottom. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example creates an ACL UnTrusted to deny all packets from the 190.72.22.248/30 network: 
(config)#ip access-list standard UnTrusted 

(config-std-nacl)#deny 190.72.22.248 0.0.0.3 

The following example creates an entry in the MatchAll ACL to permit packets from host name 


www.adtran.com using the nondefault VRF RED to resolve the DNS host name: 


(config)#ip access-list standard MatchAll 
(config-std-nacl)#permit hostname www.adtran.com vrf RED 


Refer to the AOS Documentation CD or the ADTRAN website (www.adtran.com) for more ACL 
configuration information. 
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ip as-path-list <name> 


Use the ip as-path-list command to create IP autonomous system (AS) path lists for route-map use. Use 
the no form of this command to delete the AS path list. 


Syntax Description 


<name> Specifies the name of the AS path list. Refer to AS Path List Configuration 
Command Set on page 2112 for more information on the available options. 


Default Values 





By default, no AS path lists are defined. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





AS path lists are a type of route filter that permits or denies BGP routes based on the AS_ PATH attribute. 
AS path lists define a list of AS specifications that once created, may then be referenced in a route map. 
Refer to the Usage Examples section below. 


Usage Examples 





The following example creates the AS path list list5 and enters the IP as-path-list command mode: 


(config)#ip as-path-list list5 
(config-as-path-list)# 
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ip classless 


Use the ip classless command to forward classless packets to the best supernet route available. A classless 
packet is a packet addressed for delivery to a subnet of a network with no default network route. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is enabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





AOS products only function in classless mode. You cannot disable this feature. 


Usage Examples 





The following example enables the system to forward classless packets: 


(config)#ip classless 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 680 


Command Reference Guide Global Configuration Mode Command Set 





ip community-list <name> 


Use the ip community-list command to create a community list for BGP route map use. Use the no form 
of this command to delete a community list. 


Syntax Description 


<name> Specifies the name of the community to use in the community list attribute 
for BGP routes. Refer to Community List Configuration Command Set on 
page 2147 for more information on the available options. 


Default Values 





By default, this command is disabled. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example creates a community list MyList and enters the Community List Configuration 
mode: 


(config)#ip community-list MyList 
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ip crypto 


Use the ip crypto command to enable AOS VPN functionality and allow crypto maps to be added to the 
interfaces. Use the no form of this command to disable the VPN functionality. Variations of this command 
include: 


ip crypto 
ip crypto fast-failover 





Disabling the AOS security features (using the no ip crypto command) does not affect VPN 
configuration settings (with the exception of the removal of all crypto maps from the 

‘ome interfaces). All other configuration parameters will remain intact, and VPN functionality 
will be disabled. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘one the AOS Documentation CD provided with your unit. 








Syntax Description 





fast-failover Optional. This setting is used when the same crypto map is applied to two 
different egress interfaces. It allows the quick deletion of IKE and IPSec 
SAs when the default route policy-class changes. 


Default Values 
By default, all AOS VPN functionality is disabled. 





Command History 





Release 4.1 Command was introduced. 
Release 11.2 Command was expanded to include the fast-failover feature. 


Functional Notes 


VPN-related settings will not go into effect until you enable VPN functionality using the ip crypto 
command. AOS allows you to perform all VPN-related configuration prior to enabling ip crypto, with the 
exception of assigning a crypto map to an interface. The no ip crypto command removes all crypto maps 
from the interfaces. Enabling ip crypto enables the IKE server on UDP Port 500. The no form of this 
command disables the IKE server on UDP Port 500. 


Usage Examples 





The following example enables VPN functionality: 


(config)#ip crypto 
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ip default-gateway </p address> 


Use the ip default-gateway command to specify a default gateway on a switch or on a router if (and only 
if) IP routing is NOT enabled on the router. Use the ip route command to add a default route to the route 
table when using IP routing functionality. Refer to ip route on page 760 for more information. Use the no 
form of this command to disable this feature. 


Syntax Description 





<ijp address> Specifies the default gateway IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





By default, there is no configured default gateway. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 

The following example disables IP routing on a router and configures a default gateway for 10.10.10.1: 
(config)#no ip routing 

(config)#ip default-gateway 10.10.10.1 

The following example specifies a default gateway for the management interface on a switch: 


(config)#ip default-gateway 10.10.10.1 
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ip dhcp-server database local 


Use the ip dhcp-server database local command to configure a Dynamic Host Configuration Protocol 
(DHCP) database agent with local bindings. Use the no form of this command to disable this option. 


Syntax Description 


No subcommanas. 


Default Values 





No default values. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example configures the DHCP database agent with local bindings: 


(config)#ip dhcp-server database local 
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ip dhcp-server excluded-address 


Use the ip dhcp-server excluded-address command to specify IP addresses that cannot be assigned to 
Dynamic Host Configuration Protocol (DHCP) clients. Use the no form of this command to remove a 
configured IP address restriction. Variations of this command include: 


ip dhcp-server excluded-address <start ip address> 

ip dhcp-server excluded-address <siart ip address> <end ip address> 

ip dhcp-server excluded-address vrf <name> <start ip address> 

ip dhcp-server excluded-address vrf <name> <start ip address> <end ip address> 


Syntax Description 





<start ip address> Specifies the lowest IP address in the range OR a single IP address to be 
excluded. 
<end ip address> Optional. Specifies the highest IP address in the range. This field is not 


required when specifying a single IP address. 


IP addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


vrf <name> Optional. Specifies the nondefault VRF to which the IP addresses are 
associated. If a VRF is not specified, the default VRF is assumed. 


Default Values 





By default, there are no excluded IP addresses. 


Command History 





Release 2.1 Command was introduced. 
Release 17.1 Command was expanded to include the VRF parameter. 


Functional Notes 





The AOS DHCP server (by default) allows all IP addresses for the DHCP pool to be assigned to requesting 
clients. This command is used to ensure that the specified address is never assigned by the DHCP server. 
When static-addressed hosts are present in the network, it is helpful to exclude the IP addresses of the 
host from the DHCP IP address pool. This will avoid IP address overlap. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 685 


Command Reference Guide Global Configuration Mode Command Set 





Usage Examples 





The following example excludes an IP address of 172.22.5.100 and the range 172.22.5.200 through 
172.22.5.250: 


(config)#ip dhcp-server excluded-address 172.22.5.100 
(config)#ip dhcp-server excluded-address 172.22.5.200 172.22.5.250 
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ip dhcp-server ping packets <number> 


Use the ip dhcp-server ping packets command to specify the number of ping packets the Dynamic Host 
Configuration Protocol (DHCP) server will transmit before assigning an IP address to a requesting DHCP 
client. Transmitting ping packets verifies that no other hosts on the network are currently configured with 
the specified IP address. Use the no form of this command to prevent the DHCP server from using ping 
packets as part of the IP address assignment process. 


Syntax Description 





<number> Specifies the number of DHCP ping packets sent on the network before 
assigning the IP address to a requesting DHCP client. 


Default Values 





By default, the number of DHCP server ping packets is set at 2 packets. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





Before assigning an IP address to a requesting client, the AOS DHCP server transmits a ping packet on 
the network to verify there are no other network hosts already configured with the specified address. If the 
DHCP server receives no reply, the IP address is assigned to the requesting client and added to the DHCP 
database as an assigned address. Configuring the ip dhcp-server ping packets command with a value of 
0 prevents the DHCP server from using ping packets as part of the IP address assignment process. 


Usage Examples 





The following example configures the DHCP server to transmit four ping packets before assigning an 
address: 


(config)#ip dhcp-server ping packets 4 
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ip dhcp-server ping timeout <value> 


Use the ip dhcep-server ping timeout command to specify the interval (in milliseconds) the Dynamic Host 
Configuration Protocol (DHCP) server will wait for a response to a transmitted DHCP ping packet. The 
DHCP server transmits ping packets before assigning an IP address to a requesting DHCP client. 
Transmitting ping packets verifies that no other hosts on the network are currently configured with the 
specified IP address. Use the no form of this command to return to the default timeout interval. 


Syntax Description 





<value> Specifies the number of milliseconds the DHCP server will wait for a 
response to a transmitted DHCP ping packet. Valid range is 1 to 
1000 milliseconds. 


Default Values 





By default, the ip dhcp-server ping timeout is set to 500 milliseconds. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





Before assigning an IP address to a requesting client, the AOS DHCP server transmits a ping packet on 
the network to verify there are no other network hosts already configured with the specified address. If the 
DHCP server receives no reply, the IP address is assigned to the requesting client and added to the DHCP 
database as an assigned address. 


Usage Examples 





The following example configures the DHCP server to wait 900 milliseconds for a response to a 
transmitted DHCP ping packet before considering the ping a failure: 


(config)#ip dhcp-server ping timeout 900 
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ip dhcp-server pool <name> 
Use the ip dhcp-server pool command to create a Dynamic Host Configuration Protocol (DHCP) address 


pool and enter the DHCP pool. Use the no form of this command to remove a configured DHCP address 
pool. Refer to the section DHCP Pool Command Set on page 2543 for more information. 


Syntax Description 





<name> Identifies the configured DHCP server address pool using an alphanumeric 
string (up to 32 characters in length). 


Default Values 





By default, there are no configured DHCP address pools. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





Use the ip dhcp-server pool to create multiple DHCP server address pools for various segments of the 
network. Multiple address pools can be created to service different segments of the network with tailored 
configurations. 


Usage Examples 





The following example creates a DHCP server address pool (labeled SALES) and enters the DHCP server 
pool mode: 


(config)#ip dhcp-server pool SALES 
(config-dhcp)# 
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ip domain-lookup 


Use the ip domain-lookup command to enable the IP domain naming system (DNS), allowing DNS-based 
host translation (name-to-address). Use the no form of this command to disable DNS. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is enabled. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





Use the ip domain-lookup command to enable the DNS client in the router. This will allow the user to 
input Web addresses instead of IP addresses for applications such as ping, Telnet, and traceroute. 


Usage Examples 





The following example enables DNS: 


(config)#ip domain-lookup 
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ip domain-name <domain name> 


Use the ip domain-name command to define a default IP domain name to be used by AOS to resolve host 
names. Use the no form of this command to disable this function. Variations of this command include: 


ip domain-name <domain name> 
ip domain-name vrf <name> <domain name> 


Syntax Description 





<domain name> Specifies the default IP domain name used to resolve unqualified host 
names. Do not include the initial period that separates the unresolved name 
from the default domain name. 


vrf <name> Optional. Specifies a nondefault VRF for the domain name. 


Default Values 





By default, this command is disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





Use the ip domain-name command to set a default name that will be used to complete any IP host name 
that is invalid (i.e., any name that is not recognized by the name server). When this command is enabled, 
any IP host name that is not initially recognized will have the ip domain-name appended to it and the 
request will be re-sent. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Each VRF instance has its own domain name. Specifying a VRF name in the command applies the domain 
name to the named VRF. Issuing the command without specifying a VRF applies the command to the 
default unnamed VRF. 


Usage Examples 





The following example defines adtran as the default domain name: 


(config)#ip domain-name adtran 


The following example defines adtran as the default domain name for the VRF RED: 


(config)#ip domain-name adtran vrf RED adtran 
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ip domain-proxy 


Use the ip domain-proxy command to enable DNS proxy for the default VRF or for a specified VRF 
instance. This enables the router to act as a proxy for other units on the network. Use the no form of this 
command to disable this feature. Variations of this command include: 


ip domain-proxy 
ip domain-proxy vrf <name> 


Syntax Description 





vrf <name> Optional. Specifies a nondefault VRF on which to enable DNS proxy. 


Default Values 





By default, this command is disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





When this command is enabled, incoming DNS requests will be handled by the router. It will first search its 
host table for the query, and if it is not found there, the request will be forwarded to the servers configured 
with the ip name-server command. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example enables DNS proxy on the default VRF (router): 


(config)#ip domain-proxy 
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ip ffe max-entries <entries> 


Use the ip ffe max-entries command to set the global maximum number of RapidRoute Engine (formerly 
FFE) entries allowed. Use the no form of this command to return to the default value. 





‘ore Issuing this command will cause all RapidRoute entries in the unit to be cleared. 





Syntax Description 





<entries> Specifies the total number of FFE entries for all interfaces. Valid range is 1 
to 32,768. 


Default Values 





By default, the ip ffe max-entries is set to 16,384. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example sets the total maximum number of FFE entries to 500: 


(config)#ip ffe max-entries 500 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 693 


Command Reference Guide Global Configuration Mode Command Set 





ip ffe timeout 


Use the ip ffe timeout command to set the time-to-live for RapidRoute Engine (formerly FFE) entries 
based on their IP protocol. Use the no form of these commands to return to the default value. Variations of 
this command include: 


ip ffe timeout ah <max timeout> 

ip ffe timeout ah <max timeout> <inactive timeout> 

ip ffe timeout esp <max timeout> 

ip ffe timeout esp <max timeout> <inactive timeout> 
ip ffe timeout icmp <max timeout> 

ip ffe timeout icmp <max timeout> <inactive timeout> 
ip ffe timeout other <max timeout> 

ip ffe timeout other <max timeout> <inactive timeout> 
ip ffe timeout tcp <max timeout> 

ip ffe timeout tcp <max timeout> <inactive timeout> 
ip ffe timeout udp <max timeout> 

ip ffe timeout udp <max timeout> <inactive timeout> 


Syntax Description 


ah Specifies timeout values in seconds for Authentication Header Protocol 
(AH). 

esp Specifies timeout values in seconds for Encapsulated Security Protocol 
(ESP). 

icmp Specifies timeout values in seconds for Internet Control Message Protocol 
(ICMP). 

other Specifies timeout values in seconds for all protocols not listed. 

tcp Specifies timeout values in seconds for Transmission Control Protocol 
(TCP). 

udp Specifies timeout values in seconds for User Datagram Protocol (UDP). 

<max timeout> Specifies maximum age timeout in seconds. This is the maximum amount 


of time an entry will be kept in the FFE table regardless of activity. Valid 
range is 60 to 86,400 seconds. 

<inactive timeout> Optional. Specifies idle timeout in seconds. This is the amount of time an 
entry will remain in the FFE table with no additional activity. Valid range is 
10 to 86,400 seconds. 


Default Values 





By default, the maximum age timeouts are set to 1800 seconds and the inactive timeouts are set to 
15 seconds. 


Command History 





Release 13.1 Command was introduced. 
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Usage Examples 





The following example sets time to live (TTL) for TCP packets to 1000 seconds. 


(config)#ip ffe timeout tcp 1000 
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ip firewall 


Use the ip firewall command to enable AOS security features, including access control policies and lists, 
network address translation (NAT), and the stateful inspection firewall. Use the no form of this command 
to disable the security functionality. 





Disabling the AOS security features (using the no ip firewall command) does not affect 
‘one security configuration. All configuration parameters will remain intact, but no security 
data processing will be attempted. 








For information regarding the use of OSPF with ip firewall enabled, refer to the 
Functional Notes for router ospf on page 900. 


‘ore Regarding the use of IKE negotiation for VPN with ip firewall enabled, there can be up to 
six channel groups with 2 to 8 interfaces per group. Dynamic protocols are not yet 
supported (only static). A physical interface can be a member of only one channel group. 








Syntax Description 


No subcommanas. 


Default Values 





By default, all AOS security features are disabled. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





This command enables firewall processing for all interfaces with a configured policy class. Firewall 
processing consists of the following functions: 


Attack Protection: Detects and discards traffic that matches profiles of known networking exploits or 
attacks. 


Session Initiation Control: Allows only sessions that match traffic patterns permitted by access-control 
policies to be initiated through the router. 


Ongoing Session Monitoring and Processing: Each session that has been allowed through the router is 
monitored for any irregularities that match patterns of known attacks or exploits. This traffic will be 
dropped. Also, if NAT is configured, the firewall modifies all traffic associated with the session according to 
the translation rules defined in NAT access policies. Finally, if sessions are inactive for a user-specified 
amount of time, the session will be closed by the firewall. 


Application-Specific Processing: Certain applications need special handling to work correctly in the 
presence of a firewall. AOS uses application-level gateways (ALGs) for these applications. 
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AOS includes several security features to provide controlled access to your network. The following 
features are available when security is enabled (using the ip firewall command): 


1. Stateful Inspection Firewall 


AOS (and your unit) act as an ALG and employ a stateful inspection firewall that protects an organization's 
network from common cyber attacks, including TCP syn-flooding, IP spoofing, ICMP redirect, land attacks, 
ping-of-death, and IP reassembly problems. In addition, further security is added with use of network 
address translation (NAT) and port address translation (PAT) capability. 


2. Access Policies 


AOS access control policies (ACPs) are used to allow, discard, or manipulate (using NAT) data for each 
physical interface. Each ACP consists of a selector (access list) and an action (allow, discard, NAT). 
When packets are received on an interface, the configured ACPs are applied to determine whether the 
data will be processed or discarded. 


3. Access Lists 


Access control lists (ACLs) are used as packet selectors by ACPs; by themselves they do nothing. ACLs 
are composed of an ordered list of entries. Each entry contains two parts: an action (permit or deny) and 
a packet pattern. A permit ACL is used to permit packets (meeting the specified pattern) to enter the router 
system. A deny ACL advances AOS to the next access policy entry. AOS provides two types of ACLs: 
standard and extended. Standard ACLs allow source IP address packet patterns only. Extended ACLs 
may specify patterns using most fields in the IP header and the TCP or UDP header. 


Usage Examples 


The following example enables the AOS security features: 


(config)#ip firewall 


Technology Review 





Concepts: Access control using the AOS firewall has two fundamental parts: ACLs and ACPs. ACLs are 
used as packet selectors by other AOS systems; by themselves they do nothing. ACPs consist of a 
selector (ACL) and an action (allow, discard, NAT). ACPs integrate both allow and discard policies with 
NAT. ACPs have no effect until they are assigned to a network interface. 


Both ACLs and ACPs are order dependant. When a packet is evaluated, the matching engine begins with 
the first entry in the list and progresses through the entries until it finds a match. The first entry that 
matches is executed. 
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Packet Flow: 
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Case 1: Packets from interfaces with a configured policy class to any other interface 


ACPs are applied when packets are received on an interface. If an interface has not been assigned a 
policy class, by default it will allow all received traffic to pass through. If an interface has been assigned a 
but the firewall has not been enabled with the ip firewall command, traffic will flow normally from this 
interface with no firewall processing. 


Case 2: Packets that travel in and out a single interface with a configured policy class 


These packets are processed through the ACPs as if they are destined for another interface (identical to 
Case 1). 


Case 3: Packets from interfaces without a configured policy class to interfaces with one policy 
class 


These packets are routed normally and are not processed by the firewall. The ip firewall command has no 
effect on this traffic. 


Case 4: Packets from interfaces without a configured policy class to other interfaces without a 
configured policy class 


This traffic is routed normally. The ip firewall command has no effect on this traffic. 
Attack Protection: 


When the ip firewall command is enabled, firewall attack protection is enabled. AOS blocks traffic 
(matching patterns of known networking exploits) from traveling through the device. For some of these 
attacks, the user may manually disable checking/blocking while other attack checks are always on anytime 
the firewall is enabled. 
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The table (on the following pages) outlines the types of traffic discarded by the firewall attack protection 
engine. Many attacks use similar invalid traffic patterns; therefore, attacks other than the examples listed 
below may also be blocked by the firewall. To determine if a specific attack is blocked by the AOS firewall, 
please contact ADTRAN technical support. 
































Invalid Traffic Pattern Manually | AOS Firewall Response Common 
Enabled? Attacks 
Larger than allowed packets | No Any packets that are longer than those Ping of Death 
defined by standards will be dropped. 
Fragmented IP packets that No The firewall intercepts all fragments for an | SynDrop, 
produce errors when IP packet and attempts to reassemble TearDrop, 
attempting to reassemble them before forwarding to destination. If Opentear, 
any problems or errors are found during Nestea, Targa, 
reassembly, the fragments are dropped. Newtear, 
Bonk, Boink 
Smurf Attack No The firewall will drop any ping responses =| Smurf Attack 
that are not part of an active session. 
IP Spoofing No The firewall will drop any packets with a IP Spoofing 
source IP address that appears to be 
spoofed. The IP route table is used to 
determine if a path to the source address 
is known (out of the interface from which 
the packet was received). For example, if 
a packet with a source IP address of 
10.10.10.1 is received on interface fr 1.16 
and no route to 10.10.10.1 (through 
interface fr 1.16) exists in the route table, 
the packet is dropped. 
ICMP Control Message No The following types of ICMP packets are | Twinge 
Floods and Attacks allowed through the firewall: echo, 
echo-reply, TTL expired, dest. 
Unreachable, and quench. These ICMP 
messages are only allowed if they appear 
to be in response to a valid session. All 
others are discarded. 
Attacks that send TCP URG__| Yes Any TCP packets that have the URG flag | Winnuke, TCP 
packets set are discarded by the firewall. XMAS Scan 
Falsified IP Header Attacks No The firewall verifies that the packet’s Jolt/Jolt2 
actual length matches the length indicated 
in the IP header. If it does not, the packet 
is dropped. 
Echo No All UDP echo packets are discarded by the | Char Gen 











firewall. 











60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 


699 





Command Reference Guide Global Configuration Mode Command Set 














Invalid Traffic Pattern Manually | AOS Firewall Response Common 
Enabled? Attacks 
Land Attack No Any packets with the same source and Land Attack 


destination IP addresses are discarded. 





Broadcast Source IP No Packets with a broadcast source IP 
address are discarded. 








Invalid TCP Initiation No TCP SYN packets that have ack, urg rst, 
Requests or fin flags set are discarded. 
Invalid TCP Segment Number | No The sequence numbers for every active 


TCP session are maintained in the firewall 
session database. If the firewall received a 
segment with an unexpected (or invalid) 

sequence number, the packet is dropped. 





IP Source Route Option No All IP packets containing the IP source 
route option are dropped. 

















Application-Specific Processing 





The following applications and protocols require special processing to operate concurrently with 
NAT/firewall functionality. The AOS firewall includes ALGs for handling these applications and protocols: 


AOL Instant Messenger (AIM®) 
VPN ALGS: ESP and IKE 

FTP 

H.323: H.245 Q.931 ASN1 PER decoding and Encoding 
ICQ® 

IRC 

Microsoft® Games 

Net2Phone 

PPTP 

Quake® 

Real-Time Streaming Protocol 
SMTP 

HTTP 

CUseeme 

SIP 

L2TP 

PcAnywhere™ 

SQL 

Microsoft Gaming Zone 


To determine if a specific application requires special processing, contact ADTRAN technical support at 
www.adtran.com. 
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ip firewall alg 


Use the ip firewall alg command to enable the application-level gateway (ALG) for a particular 
application. Use the no form of this command to disable ALG for the application. 


Variations of this command applicable for nonvoice capable ADTRAN products include the following: 


ip firewall alg ftp 

ip firewall alg h323 

ip firewall alg h323 timeout <number> 
ip firewall alg msn 

ip firewall alg pptp 

ip firewall alg sip 


Variations of this command applicable for voice capable ADTRAN products include the following: 


ip firewall alg ftp 

ip firewall alg h323 

ip firewall alg h323 timeout <number> 
ip firewall alg msn 

ip firewall alg pptp 





The AOS firewall must be enabled (using the ip firewall command) for the stateful 
‘ore inspection firewall to be activated. 





Syntax Description 





ftp Enables the FTP ALG. 


h323 Enables the H.323 ALG. H.323 is a protocol that sets standards for 
multimedia communications over packet-switched networks, allowing 
dissimilar communication devices to communicate with each other via a 
standard communication protocol. 

h323 timeout <number> Optional. Allows the configuration of the timeout for the policy-session that 
controls the H.323 call, and specifies the length of time before the H.323 
call is terminated after a timeout. Range is 1 to 4,294,967,295 seconds. 


msn Enables the MSN ALG. 
pptp Enables the PPTP ALG. 
sip Enables the SIP ALG. This ALG is only used in ADTRAN router and switch 


products, not voice products. 
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Default Values 





All AOS security features are disabled by default until the ip firewall command is issued at the Global 
Configuration prompt. By default, the ALG for FTP, PPTP, and SIP are enabled. Conversely, the ALG for 
MSN and H.323 are disabled by default. There are no SIP ALGs present on voice capable ADTRAN 
products. By default, the timeout value for H.323 is set for 8 hours. 


Command History 





Release 8.1 Command was introduced. 

Release 10.1 Command was expanded to include H.323. 

Release 14.1 Command was expanded to include MSN. 

Release 15.1 Command was expanded to include H.323 timeout feature. 


Functional Notes 





Enabling the ALG for a specific protocol gives the firewall additional information about that complex 
protocol and causes the firewall to perform additional processing for packets of that protocol. When the 
ALG is disabled, the firewall treats the complex protocol as any other simple protocol. The firewall needs 
no special knowledge to work well with simple protocols. 





specified protocol. 


Disabling the IP firewall ALG may cause the firewall to block some of the traffic for the 
UT 





Microsoft Service Network (MSN) ALG Information 


In some instances where the firewall is enabled and traffic is source NATed through the unit, some features 
of MSN's instant messenger program will not work (i.e., file sharing, direct connection, etc.). Enabling the 
MSN ALG allows the firewall to inspect the MSN messaging protocol to allow some of these features to 
work through NAT. If the traffic is not NATed, then this ALG is not required and should be disabled. 


Session Initiation Protocol (SIP) ALG Information 
By default, the AOS SIP ALG is enabled. This ALG allows the firewall to examine the ALL SIP packets it 


identifies and maintain knowledge of SIP transmissions on the network based on the SIP header. 


Usage Examples 





The following example disables ALG for FTP: 
(config)#no ip firewall alg ftp 


The following example enables ALG for MSN: 


(config)#ip firewall alg msn 
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Technology Review 





SIP is one protocol in a suite of protocols that was designed to replace H.323 for IP telephony. SIP 
operates in Layer 7 of the OSI model (application level) to create, modify, and terminate sessions between 
nodes. SIP not only provides recommendations for IP telephony, but multimedia distribution and 
conferences as well. SIP version 1.0 was defined in RFC2453, and was refined to SIP version 2.0 in 
RFC3261. 


SIP operations occur between SIP UAs and SIP servers. Types of SIP servers include proxy, redirect, 
registrar, and presence. The part of a SIP UA that sends messages is known as the user agent client 
(UAC). The part of a SIP UA that receives messages is known as a user agent server (UAS). 


SIP was originally designed for use over User Datagram Protocol (UDP). SIP servers, by default, listen on 
port 5060. Due to security concerns, SIP is now transitioning to TCP and transport layer security (TLS). 
SIP servers using TLS-over-TCP listen on port 5061. SIP UAs listen on a range of ports. 


SIP uses the Session Description Protocol (SDP) to format the SIP message body in order to negotiate a 
Realtime Transport Protocol (RTP)/Realtime Transport Control Protocol (RTCP) connection between two 
or more UAs. The ports used for this will always be selected in a pair, with the even port used for RTP and 
the odd port for RTCP. SIP, because it uses SDP and RTP, causes many problems for standard firewalls. 
Neither SIP nor RTP are guaranteed to be symmetric, thus causing problems for stateful inspection 
firewalls that rely on symmetric flows. SIP and SDP carry IP addresses and ports embedded in the packet, 
and standard NAT implementations only modify the IP and TCP/UDP headers. A true SIP ALG is required 
to modify the packets as needed for NAT, but also to open holes in the firewall as needed for traffic flow 
based on the information carried in the SIP header. 


Enabling the AOS SIP ALG (using the ip firewall alg sip command) configures the firewall to examine the 
ALL SIP packets it identifies and maintain knowledge of SIP transmissions on the network. Since SIP 
packet headers include port information for the call setup, the ALG must intelligently read the packets and 
remember the information. 
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ip firewall attack-log threshold <value> 


Use the ip firewall attack-log threshold command to specify the number of attack mounting attempts 
AOS will identify before generating a log message. Use the no form of this command to return to the 
default threshold. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





<value> Specifies the number of attack mounting attempts AOS will identify before 
generating a log message. Valid range: 0 to 4,294,967,295. 


Default Values 





By default, the ip firewall attack-log threshold is set at 100. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following example specifies a threshold of 25 attacks before generating a log message: 


(config)#ip firewall attack-log threshold 25 
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ip firewall check reflexive-traffic 


Use the ip firewall check reflexive-traffic command to enable the AOS stateful inspection firewall to 
process traffic from a primary subnet to a secondary subnet on the same interface through the firewall. Use 
the no form of this command to disable this feature. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





No subcommanas. 


Default Values 


All AOS security features are disabled by default until the ip firewall command is issued at the Global 
Configuration prompt. In addition, the reflexive traffic check is disabled until the ip firewall check 
reflexive-traffic command is issued. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command allows the firewall to process traffic from a primary subnet to a secondary subnet on the 
same interface through the firewall. If enabled, this traffic will be processed through the access policy on 
that interface and any actions specified will be executed on the traffic. 


Usage Examples 





The following example enables the AOS reflexive traffic check: 


(config)#ip firewall check reflexive-traffic 
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ip firewall check rst-seq 


Use the ip firewall check rst-seq command to enable TCP reset sequence number checking. Use the no 
form of this command to disable this feature. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





No subcommanas. 


Default Values 


All AOS security features are disabled by default until the ip firewall command is issued at the Global 
Configuration prompt. In addition, TCP reset sequence number checking is disabled until the ip firewall 
check rst-seq command is issued. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example enables TCP reset sequence number checking: 


(config)#ip firewall check rst-seq 
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ip firewall check syn-flood 


Use the ip firewall check syn-flood command to enable the AOS stateful inspection firewall to filter out 
phony TCP service requests and allow only legitimate requests to pass through. Use the no form of this 
command to disable this feature. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





No subcommanas. 


Default Values 


All AOS security features are inactive until the ip firewall command is issued at the Global Configuration 
prompt. In addition, the SYN-flood check is enabled by default but remains inactive until the ip firewall 
command is issued. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





SYN flooding is a well-known denial-of-service attack on TCP-based services. TCP requires a three-way 
handshake before actual communications begin between two hosts. A server must allocate resources to 
process new connection requests that are received. A potential intruder is capable of transmitting large 
amounts of service requests (in a very short period of time), causing servers to allocate all resources to 
process the phony incoming requests. Using the ip firewall check syn-flood command configures the 
AOS stateful inspection firewall to filter out phony service requests and allow only legitimate requests to 
pass through. 


Usage Examples 
The following example disables the AOS SYN-flood check: 


(config)#no ip firewall check syn-flood 
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ip firewall check winnuke 


Use the ip firewall check winnuke command to enable the AOS stateful inspection firewall to discard all 
out of band (OOB) data (to protect against WinNuke attacks). Use the no form of this command to disable 
this feature. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





No subcommanas. 


Default Values 


All AOS security features are inactive until the ip firewall command is issued at the Global Configuration 
prompt. In addition, WinNuke attack checking is disabled until the ip firewall check winnuke command is 
issued. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





WinNuke attack is a well-known denial-of-service attack on hosts running Microsoft Windows® operating 
systems. An intruder sends out of band (OOB) data over an established connection to a Windows user. 
Windows cannot properly handle the OOB data, and the host reacts unpredictably. Normal shut-down of 
the hosts will generally return all functionality. Using the ip firewall check winnuke command configures 
the AOS stateful inspection firewall to filter all OOB data to prevent network problems. 


Usage Examples 





The following example enables the firewall to filter all OOB data: 


(config)#ip firewall check winnuke 
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ip firewall fast-nat-failover 


Use the ip firewall fast-nat-failover command when destination-specific rules are configured. 
Destination-specific rules are most often used in failover and IP load sharing configurations. Refer to the 
command ip policy-class <name> <action> on page 744 for more information. Use the no form of this 
command to disable this feature. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





No subcommanads. 


Default Values 





All AOS security features are disabled by default until the ip firewall command is issued at the Global 
Configuration prompt. In addition, the fast NAT failover is disabled until the ip firewall fast-nat-failover 
command is issued. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example enables fast-nat-failover: 


(config)#ip firewall fast-nat-failover 
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ip firewall fin-timeout <va/ue> 


Use the ip firewall fin-timeout command to specify the time period allowed for Transport Control 
Protocol (TCP) FIN. Use the no form of this command to return to the default setting. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





<value> Specifies the time period in seconds allowed for TCP FIN. Range is 0 to 
4,294,967 ,295 seconds. 


Default Values 


By default, ip firewall fin-timeout is set to 4 seconds. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 
The following example sets the TCP FIN time period to 120 seconds: 


(config)#ip firewall fin-timeout 120 
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ip firewall nat-preserve-source-port 


Use the ip firewall nat-preserve-source-port command to enable the firewall to preserve the source port 
of a TCP or UDP session for traffic going through source NAT. By enabling this feature, the router will try 
to allocate NAT ports that match the original source ports of the traffic. If the source port is already 
allocated for a different traffic flow, it will choose the next available source port. Use the no form of this 
command to disable this feature. Variations of this command include the following: 


ip firewall nat-preserve-source-port 
ip firewall nat-preserve-source-port record-source-address 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





record-source-address Optional. Specifies that the original source port be preserved for multiple 
TCP/UDP traffic flows with the same source address. 


Default Values 


By default, the nat-preserve-source-port feature is enabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





Specifying record-source-address consumes 250 k of memory per public NAT IP address. Be sure there 
is adequate memory available before enabling this feature. 


Usage Examples 





The following example enables nat-preserve-source-port: 


(config)#ip firewall nat-preserve-source-port 
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ip firewall policy-log threshold <va/lue> 


Use the ip firewall policy-log threshold command to specify the number of connections required by an 
access control policy before AOS will generate a log message. Use the no form of this command to return 
to the default threshold. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





<value> Specifies the number of access policy connections AOS will identify before 
generating a log message. Valid range: 0 to 4,294,967,295. 


Default Values 





By default, the ip firewall policy-log threshold is set to 100. 


Command History 


Release 2.1 Command was introduced. 


Usage Examples 





The following example specifies a threshold of 15 connections before generating a log message: 


(config)#ip firewall policy-log threshold 15 
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ip firewall rst-timeout <va/ue> 


Use the ip firewall rst-timeout command to specify the time period allowed for Transport Control 
Protocol (TCP) reset. Use the no form of this command to return to the default setting. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





<value> Specifies the time period in seconds allowed for TCP reset. Range is 0 to 
4,294,967 ,295 seconds. 


Default Values 


By default, ip firewall rst-timeout is set to 20 seconds. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 
The following example sets the TCP reset time period to 120 seconds: 


(config)#ip firewall rst-timeout 120 
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ip firewall stealth 


Use the ip firewall stealth command to disable Transmission Control Protocol (TCP) reset for denied 
firewall associations. The stealth setting allows the route to be invisible as a route hop to associated 
devices. Use the no form of this command to disable this feature. 





Wor The AOS firewall must be enabled (using the ip firewall command) for the stateful 


inspection firewall to be activated. 





Syntax Description 





No subcommanas. 


Default Values 


All AOS security features are disabled by default until the ip firewall command is issued at the Global 
Configuration prompt. In addition, the stealth option is disabled until the ip firewall stealth command is 
issued. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example enables the stealth option: 


(config)#ip firewall stealth 
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ip firewall vrf <name> 


Use the ip firewall vrf <name> command to enable the firewall for a particular VRF instance. The 
firewall can be enabled or disabled independently for each VRF. Firewall settings are applied globally 
across all VRF instances and cannot be changed on an individual VRF basis. Refer to the ip firewall 
command beginning on page 696 for more information on configuring firewall settings. Use the no form 
of this command to disable the firewall for the specified VRF. 


Syntax Description 





vrf <name> Specifies the VPN routing and forwarding (VRF) instance. 


Default Values 





By default, the firewall is disabled. 


Command History 





Release 17.1 Command was introduced. 


Functional Notes 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 


Usage Examples 





The following example enables the firewall on the VRF named RED: 


(config)#ip firewall vrf RED 
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ip flow cache sample one-out-of <number> 


Use the ip flow cache sample one-out-of command to configure the integrated traffic monitoring ITM) 
cache sampling rate. The no form of this command disables sampling. Variations of this command include: 


ip flow cache sample one-out-of <number> deterministic 
ip flow cache sample one-out-of <number> random 


Syntax Description 





deterministic Specifies that traffic flow sampling be done at a fixed rate. 
random Specifies that traffic flow sampling be done at a random rate. 
<number> Specifies the number of traffic flow packets to be observed before another 


packet is sampled. Range is 1 to 255 packets. 


Default Values 





By default, sampling is disabled and every packet is recorded. 


Command History 





Release 16.1 Command was introduced. 
Release 17.1 Command expanded to include deterministic keyword. 


Functional Notes 





Sampling provides a snapshot of traffic flow activity. It allows the cache to collect only one out of a 
specified number of IP packets that the interface is receiving or sending. Often, network traffic arrives in 
fixed patterns. This pattern can make statistics inaccurate if deterministic sampling is used. Therefore, 
random sampling is recommended over deterministic sampling to ensure an accurate sampling of traffic 
flow patterns. By reducing the amount of traffic flow data collected, sampling minimizes memory and CPU 
usage. 


Wor For users of large routers (the NetVanta 5305 for example), a sampling rate of greater 


than or equal to one out of every 100 packets is recommended. 





Usage Examples 





The following example configures ITM to sample one packet out of every 100 at a random sample rate: 


(config)#ip flow cache sample one-out-of 100 random 
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ip flow cache timeout 


Use the ip flow cache timeout command to configure the integrated traffic monitoring (ITM) cache for 
entry expiration. The no form of this command resets the expiration time to the default. Variations of this 
command include: 


ip flow cache timeout active <minutes> 
ip flow cache timeout inactive <seconds> 


Syntax Description 





active <minutes> Specifies the amount of time a single traffic flow that continues to have 
packets detected at the observation point is stored before exportation. 
Range is 1 to 60 minutes. 


inactive <seconds> Specifies the amount of time that idle traffic flows (which no longer have 
packets detected at the observation point) are stored before exportation. 
Range is 10 to 600 seconds. 


Default Values 





By default, active flows are set to expire in 30 minutes, and inactive flows are set to expire in 15 seconds. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





Traffic flow entry expiration can occur in one of three ways: (1) the configured expiration time has passed; 
(2) the Transmission Control Protocol (TCP) connection between the cache and the flow collector has 
expired due to FINISH/RESET signaling; or (3) critical configuration changes have been made (for 
example, changing the sampling rate). The default mode of expiration is based on a configured number of 
minutes for the traffic flow entry to be stored in the cache. 


Usage Examples 





The following example configures an expiration time of 15 minutes for active traffic flow entries: 


(config)#ip flow cache timeout active 15 
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ip flow export 


Use the ip flow export command to configure traffic flow data exportation parameters for integrated 
traffic monitoring (ITM). Use the no form of the command to disable the export functionality or to remove 
an associated destination if multiple entries are specified. Variations of this command include: 


ip flow export destination </p address> <port> 

ip flow export destination </p address> <port> source <interface> 

ip flow export vrf <name> destination <ip address> <port> 

ip flow export vrf <name> destination <ip address> <port> source <interface> 


Syntax Description 





destination <ip address> <port> Specifies the IP address and UDP port through which the destination 
will receive data export packets. 


source <interface> Specifies a source interface to send the data export packets. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id 
| interface id | interface id.subinterface id]>. For example, for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; 
and for an ATM subinterface, use atm 1.1. Valid interfaces are those 
that can have an IP address. Type source ? for a complete list of valid 
interfaces. 


vrf <name> Specifies the virtual routing and forwarding (VRF) location to be used in 
data export. 


Default Values 





By default, ip flow export is disabled. 


By default, if no source is specified, the router interface at the hop closest to the data collector will be 
sourced. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





Up to two different destinations can be specified for traffic flow data export. 


Using the source command specifies an interface from which to send the data export packets. If using a 
VRF destination, the source must be on the same VRF as the destination or it will be ignored and the 
routing table will determine the source interface. Most often, a source will only need to be specified for 
security purposes. For example, if an access control list (ACL) is active on the external data collector, a 
source interface may need to be specified. 
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Usage Examples 





The following example configures the export destination to be the external data collector at the IP address 
208.61 .209.5 through the UDP port 1010. 


(config)#ip flow export destination 208.61.209.5 1010 
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ip flow export template 


Use the ip flow export template command to configure template exportation rates for integrated traffic 
monitoring (ITM). Use the no form of the command to return rate values to the default. Variations of this 
command include: 


ip flow export template refresh-rate <packets> 
ip flow export template timeout-rate <minutes> 


Syntax Description 





refresh-rate <packets> Specifies the number of packets to be sent before the template information 
is sent to an external collector. Range is 1 to 600 packets. 


timeout-rate <minutes> Specifies the time in minutes that passes between instances of resending 
the template information. Range is 1 to 3,600 minutes. 


Default Values 


By default, template information is sent every 20 packets, and template information is re-sent every 
30 minutes. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 


The following example configures the template information to be sent every 50 packets: 


(config)#ip flow export template refresh-rate 50 


In the following example, traffic flow template information is configured to resend every 15 minutes: 


(config)#ip flow export template timeout-rate 15 


Technology Review 


When exporting traffic flow data, there are multiple types of information sent to the external data flow 
collector. There is data information about each traffic flow, system information about each traffic flow, and 
the traffic flow record itself. The information about the traffic flow record is called a template. Templates are 
used to describe the types and lengths of individual header fields within a traffic flow data record. 
Templates also communicate to the external data collector what type of information to expect in the ITM 
flow record. 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 720 


Command Reference Guide Global Configuration Mode Command Set 





The following tables describe the information contained in each template. 


Table 1. Data Template Information 





Source IP Address 





Destination IP Address 





Transport Protocol Type 





Source Port 





Destination Port 





Type of Service (ToS) Bits 





Packets in a Flow 





Bytes in a Flow 





Interface (Input or Output) 





System Up Time of First Packet 





System Up Time of Last Packet 





Flow Direction 











Table 2. Options (System) Template Information 





Active-Flow Timeout 





Inactive-Flow Timeout 





Sampling Rate 


Sampling Algorithm (Random) 





Total Packets Exported to Collectors 





Total Flows Exported to Collectors 








Total Bytes Exported to Collectors 








Templates are sent to the external data collector after a user-specified number of expired traffic flow 
entries. They are also re-sent periodically at user-defined intervals. The templates must be re-sent 
periodically because User Datagram Protocol (UDP) is often unreliable, and the collector may discard all 
traffic flow data lacking valid template information. 
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ip flow top-talkers 


Use the ip flow top-talkers command to enable Top Talker functionality for integrated traffic monitoring 
(ITM) and enter Top Talker configuration mode. Use the no form of this command to disable the Top 
Talkers functionality and remove all associated settings. 





Wor For Top Talkers functionality to be enabled, ITM must be enabled on an interface. Refer to 


the ip flow egress | ingress command on page 1129 for more information on enabling ITM. 





Syntax Description 





There are no subcommands for this command. 


Default Values 


By default, the Top Talkers feature is disabled. 


Command History 





Release 17.1 Command was introduced. 


Usage Examples 


The following example enables top talkers: 


(config)#ip flow top-talkers 
(config-top-talkers)# 


Technology Review 





Using the internal Top Talkers data collection feature of ITM, several of the most important flow cache 
statistics can be viewed at a glance from within the router itself. The Top Talkers feature incorporates the 
statistics of Top Talkers (top bandwidth users by source IP address), Top Listeners (top bandwidth users by 
destination IP address), and Port Lists (amounts of traffic observed on specific ports) into easily viewed 
output, accessed through either the command line interface (CLI) or Web-based graphical user interface 
(GUI). These statistics are captured by the metering process at the traffic flow observation point, and 
collected as traffic flow entries expire from the flow cache. These statistics allow the user to see the nature 
of traffic being processed by the router without having to configure an external server to collect data. 
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The internal Top Talkers data collector can be enabled instead of or in conjunction with an external data 
collector, or it can operate with no external data collector configured. Because Top Talkers collects and 
processes expired flow cache entries in a separate function from their exportation, it can function 
independently of an external collector. With both an external data collector and Top Talkers enabled, 
expired flow cache entries are sent to both the external data collector and through the Top Talkers 
collector. The separation of Top Talkers collection from external data collectors provides methods of 
separate data collector configuration, therefore, allowing the enablement of only Top Talkers collection, Top 
Talkers collection in addition to external data collection, or external data collection only. For more 
information on the ITM Top Talkers feature, refer to the Integrated Traffic Monitoring Configuration Guide 
available on the AOS Documentation CD shipped with your unit or online at www.adtran.com. 
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ip forward-protocol udp <value> 


Use the ip forward-protocol udp command to specify the protocols and ports AOS allows when 
forwarding broadcast packets. Use the no form of this command to disable a specified protocol or port 
from being forwarded. 


Ry 


Syntax Description 





The ip forward-protocol udp command can be used in conjunction with the ip 
helper-address command, issued in a valid interface, to configure AOS to forward UDP 
broadcast packets. 








<value> Specifies the UDP traffic type (using source port). 


The following is the list of UDP port numbers that may be identified using 
the text name: 


biff (Port 512) 
bootps (Port 67) 
discard (Port 9) 
dnsix (Port 195) 
domain (Port 53) 
echo (Port 7) 
isakmp (Port 500) 
mobileip (Port 434) 


pim-auto-rp (Port 496) 
rip (Port 520) 

snmp (Port 161) 
snmptrap (Port 162) 
sunrpe (Port 111) 
syslog (Port 514) 
tacacs (Port 49) 

talk (Port 517) 


nameserver (Port 42) 
netbios-dgm (Port 138) 
netbios-ns (Port 137) 
netbios-ss (Port 139) 
ntp (Port 123) 


tftp (Port 69) 
time (Port 37) 
who (Port 513) 
xdmcp (Port 177) 


Alternately, the <value> may be specified using the following syntax: 
<0-65535>. Specifies the port number used by UDP to pass information to 
upper layers. All ports below 1024 are considered well-known ports and are 
controlled by the Internet Assigned Numbers Authority (IANA). All ports 
above 1024 are dynamically assigned ports that include registered ports for 
vendor-specific applications. 


Default Values 





By default, AOS forwards broadcast packets for all protocols and ports. 


Command History 





Release 2.1 


Command was introduced. 
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Functional Notes 





Use this command to configure AOS to forward UDP packets across the WAN link to allow remote devices 
to connect to a UDP service on the other side of the WAN link. 


Usage Examples 





The following example forwards all domain name server (DNS) broadcast traffic to the DNS server with IP 
address 192.33.5.99: 


(config)#ip forward-protocol udp domain 
(config)#interface eth 0/1 
(config-eth 0/1)#ip helper-address 192.33.5.99 
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ip ftp access-class <name> in 


Use the ip ftp access-class in command to assign an access policy to all self-bound File Transfer Protocol 
(FTP) sessions. Use the no form of this command to disable this feature. 


Syntax Description 


<name> Specifies the configured access control policy (ACP) to apply to inbound 
FTP traffic. 


Default Values 





By default, all FTP access is allowed. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following example applies the configured ACP (labeled Inbound_FTP) to inbound FTP traffic: 


(config)#ip ftp access-class Inbound_FTP in 
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ip ftp server 


Use the ip ftp server to enable the File Transfer Protocol (FTP) server. The default-filesystem option 
specifies the default location for the FTP server to retrieve and store files. Use the no form of this 
command to disable the FTP server. Variations of this command include: 


ip ftp server 
ip ftp server default-filesystem cflash 
ip ftp server default-filesystem flash 


Syntax Description 





default-filesystem cflash Optional. Specifies that the FTP server use CompactFlash® as the default 
file system. 


default-filesystem flash Optional. Specifies that the FTP server use flash as the default file system. 


Default Values 





By default, the ip ftp server default-filesystem is set to flash. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example enables the FTP server and specifies cflash file system as the default: 


(config)#ip ftp server default-filesystem cflash 
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ip ftp source-interface <interface> 
Use the ip ftp source-interface command to use the specified interface’s IP address as the source IP 


address for FTP traffic transmitted by the unit. Use the no form of this command if you do not wish to 
override the normal source IP address. 


Syntax Description 





<interface> Specifies the interface to be used as the source IP address for FTP traffic. 
Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type ip ftp source-interface ? for a complete list of valid 
interfaces. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 

Release 9.1 Command expanded to include HDLC interface. 
Release 14.1 Command expanded to include tunnel interface. 
Release 15.1 Command expanded to include BVI interface. 
Release 17.1 Command expanded to include ATM interface. 


Functional Notes 





This command allows you to override the sender field in the IP packet. If you have multiple interfaces in 
your unit, changing the sender tells the receiver where to send replies. This functionality can also be used 
to allow packets to get through firewalls that would normally block the flow. 


Usage Examples 





The following example configures the unit to use the loopback 1 interface as the source IP for FTP traffic: 


(config)#ip ftp source-interface loopback 1 
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ip host 


Use the ip host command to define an IP host name either for the default VRF or for a specified VRF 
instance. This allows you to statically map host names and addresses in the host cache. Use the no form of 
this command to remove defined maps. Variations of this command include: 


ip host <hostname> <ip address> 
ip host vrf <name> <hostname> <ip address> 


Syntax Description 





<hostname> Defines the name of the host. 


<ijpp address> Specifies IP address associated with this IP host. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


vrf <name> Optional. Specifies a nondefault VRF on which to define the IP host name. 


Default Values 





By default, the host table is empty. 


Command History 


Release 3.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





The host name may be any combination of numbers and letters as long as it is not a valid IP address or 
does not exceed 256 characters. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 


The following example defines two static mappings: 


(config)#ip host mac 10.2.0.2 
(config)#ip host dal 172.38.7.12 
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ip http 


Use the ip http command to enable Web access to the unit. Use the no form of these commands to disable 
these features. Variations of this command include: 


ip http access-class <name> in 

ip http authentication <name> 

ip http language </anguage> 

ip http secure-access-class <name> in 
ip http secure-server 

ip http secure-server <name> 

ip http server 

ip http server <name> 

ip http session-limit <number> 

ip http session-timeout <va/ue> 


Syntax Description 





access-class <name> Restricts access to the HTTP server using the specified access control list 
(ACL). 

in Applies to all incoming connections. 

authentication <name> Assigns the specified AAA list to HTTP authentication. 

language </anguage> Specifies the language of the graphical user interface (GUI). Choose from 


[english | frenchcanadian | italian | latinamspanish | 
simplifiedchinese]. 
secure-access-class <name> Restricts access to the HTTPS server using the specified secure ACL. 


secure-server <name> Enables the specified SSL server. 

server <name> Enables the specified HTTP server connection. 

session-limit <number> Sets the maximum number of sessions allowed. Valid range is 0 to 100 
with 100 as the default. 

session-timeout <value> Sets the session timeout value. Valid range is 10 to 86,400 seconds. The 


default is 600. 


Default Values 


By default, this command is disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 13.1 Command expanded to include Italian. 
Release 14.1 Command expanded to include French Canadian, Latin America Spanish, 


and Simplified Chinese languages. 
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Usage Examples 





The following example enables Web access to the router: 


(config)#ip http server 
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ip http source-interface <interface> 


Use the ip http source-interface command to specify a source interface for Hypertext Transfer Protocol 
(HTTP) traffic originated by the unit. The IP address of the specified interface will be used to source all 
HTTP traffic. Use the no form of this command if you do not wish to override the default source IP 
address. 





‘wore This command pertains to the HTTP Client and not the HTTP server. 





Syntax Description 





<interface> Specifies the source interface for HTTP traffic. Specify an interface in the 
format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for a 
wireless virtual access point, use dot11ap 1/1.1. Type ip http 
source-interface ? for a complete list of valid interfaces. 


Default Values 





By default, no HTTP source interface is defined. 


Command History 





Release 16.1 Command was introduced. 
Release 17.1 Command expanded to include ATM interface. 


Functional Notes 


This command allows you to override the sender field in the IP packet. If you have multiple interfaces in 
your unit, changing the sender tells the receiver where to send replies. This functionality can also be used 
to allow packets to get through firewalls that would normally block the flow. 


Usage Examples 





The following example configures the unit to use the loopback 1 interface as the source IP for HTTP 
traffic: 


(config)#ip http source-interface loopback 1 
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ip igmp join </p address> 


Use the ip igmp join command to instruct the router stack to join a specific group. The stack may join 
multiple groups. Use the no form of this command to disable this feature. 


Syntax Description 


<ijpp address> Specifies the IP address of a multicast group. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





No defaults necessary for this command. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command aids in debugging, allowing the router’s IP stack to connect to and respond on a multicast 
group. The local stack operates as an IGMP host on the attached segment. In multicast stub applications, 
the global helper address takes care of forwarding IGMP joins/responses on the upstream interface. The 

router may respond to ICMP echo requests for the joined groups. 


Usage Examples 





The following example configures the unit to join with the specified multicast group: 


(config)#ip igmp join 172.0.1.50 
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ip igmp snooping 


Use the ip igmp snooping command to globally enable Internet Group Management Protocol (IGMP) 
snooping. Use the no form of this command to disable global IGMP snooping. 





Global IGMP snooping overrides the VLAN IGMP snooping. If global snooping is 
‘ore disabled, you cannot enable VLAN IGMP snooping. If global snooping is enabled, you can 
enable or disable VLAN IGMP snooping. 





Syntax Description 





No subcommands. 


Default Values 


By default, IGMP snooping is enabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





IGMP snooping is a method of preventing switches from flooding all ports with received multicast streams. 
By monitoring the conversations between a host and a router, the switch can determine which multicast 
streams will interest a host and load its own forwarding tables to take advantage of that knowledge. When 
the host sends a leave message to the router, the switch removes the entries after a timeout period. 


Usage Examples 


The following example globally enables IGMP snooping: 


(config)#ip igmp snooping 
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ip igmp snooping vian <vian id> 


Use the ip igmp snooping vlan command to enable Internet Group Management Protocol (IGMP) 
snooping on the specified virtual local area network (VLAN). Use the no form of this command to disable 
VLAN IGMP snooping. 





Global IGMP snooping overrides the VLAN IGMP snooping. If global snooping is 
disabled, you cannot enable VLAN IGMP snooping. If global snooping is enabled, you can 

‘one enable or disable VLAN IGMP snooping. Refer to ip igmp snooping on page 734 for more 
information. 





Syntax Description 





<vian id> Specifies a valid VLAN interface ID. Range is 1 to 4095. 


Default Values 
By default, VLAN IGMP snooping is enabled. 





Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example enables IGMP snooping on VLAN 1: 


(config)#ip igmp snooping vlan 1 
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ip igmp snooping vian <vi/an id> mrouter interface <interface> 


Use the ip igmp snooping vlan mrouter interface command to add a static connection to a multicast 
router. Use the no form of this command to remove a static connection to a multicast router. 





Global IGMP snooping overrides the VLAN IGMP snooping. If global snooping is 
disabled, you cannot enable VLAN IGMP snooping. If global snooping is enabled, you can 

‘one enable or disable VLAN IGMP snooping. Refer to ip igmp snooping on page 734 for more 
information. 





Syntax Description 





<vian id> Specifies a valid VLAN interface ID. Range is 1 to 4094. 


<interface> Specifies an interface to be added to the multicast router. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type ip 
igmp snooping vian <vian id> mrouter interface ? for a complete list of 
applicable interfaces. 


Default Values 


No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example adds Ethernet interface 0/1 to the list of multicast router interfaces: 


(config)#ip igmp snooping vian 1 mrouter interface ethernet 0/1 
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ip igmp snooping vlan <vian id> static <mac address> 
interface <interface> 


Use the ip igmp snooping vlan static interface command to statically configure a Layer 2 interface as a 
member of a multicast group. Use the no form of this command to remove a Layer 2 interface from a 


multicast group. 





Global IGMP snooping overrides the VLAN IGMP snooping. If global snooping is 
disabled, you cannot enable VLAN IGMP snooping. If global snooping is enabled, you can 
‘ore enable or disable VLAN IGMP snooping. Refer to ip igmp snooping on page 734 for more 


information. 


Syntax Description 





<vian id> 
<mac address> 


<interface> 


Default Values 


Specifies the VLAN ID of the multicast group. Range is 1 to 4094. 


Specifies the group’s 48-bit MAC address. MAC addresses should be 
expressed in the following format xx:xx:xx:xx:xx:xx (for example, 
00:A0:C8:00:00:01). 

Specifies an interface identification for the member interface. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use doti1ap 1/1.1. Type ip 
igmp snooping vlan <vian id> static <mac address> interface ? for a 
complete list of applicable interfaces. 





No default value necessary for this command. 


Command History 


Release 12.1 


Command was introduced. 
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Functional Notes 





There are two types of multicast addresses: MAC addresses and IP addresses. A multicast IP address is a 
Class D address (224.0.0.0 to 239.255.255.255). These addresses are also referred to as group 
destination addresses (GDAs). Each GDA has an associated multicast MAC address. A multicast MAC 
address is formed by using the prefix 01-00-5e followed by the last 23 bits of the GDA. The <mac address> 
specified in this command must be a multicast MAC address. The following table shows examples of 
multicast MAC addresses. 


Multicast Addresses 

















Multicast IP Address Multicast MAC Address 
226.10.10.10 01-00-5e-0a-0a-0a 
228.20.20.20 01-00-5e-14-14-14 
230.30.30.30 01-00-5e-1e-1e-1e 














This mapping of IP addresses is a many-to-one relationship. For example, 226.10.10.10 maps to the same 
MAC address as 227.10.10.10. The entire Class D network is not available for multicast. The following 
table shows the reserved addresses. 


Reserved Multicast IP Addresses 





224.0.0.1 All Multicast-capable hosts 

224.0.0.2 All Multicast-capable routers 

224.0.0.5 and 224.0.0.6 | Reserved for OSPF 

224.0.0.1 to 224.0.0.255 | Generally reserved for various protocols 























Usage Examples 


The following example configures the Ethernet interface 0/1 as a member of the multicast group with 
multicast MAC address 01:00:5E:01:01:01: 


(config)#ip igmp snooping vian 1 static 01:00:5E:01:01:01 interface ethernet 0/1 
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ip load-sharing 


Use the ip load-sharing command to configure whether parallel routes in the route table are used to 
load-share forwarded packets. If this command is disabled, the route table uses a single “best” route for a 
given subnet. If this command is enabled, the route table can use multiple “best” routes and alternate 
between them. Use the no form of this command to disable this feature. Variations of this command 
include: 


ip load-sharing per-destination 
ip load-sharing per-packet 


Syntax Description 





per-destination Specifies that the route used for forwarding a packet be based on a hash of 
the source and destination IP address in the packet. 


per-packet Specifies that each forwarding route lookup rotates through all the parallel 
“best” routes. (Parallel routes are defined as routes to the same subnet with 
the same metrics that only differ by their next hop address.) 


Default Values 





By default, ip load-sharing is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example turns on load-sharing per destination: 


(config)#ip load-sharing per-destination 


The following example disables load-sharing: 


(config)#no ip load-sharing 
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ip local policy route-map <name> 


Use the ip local policy route-map command to specify a route map for local policy routing on the device. 
This setting is applied to the local network interface. It can be further specified to a specific VRF by adding 
the VRF name. Use the no form of this command to return to the default route map. Variations of this 
command include: 


ip local policy route-map <name> 
ip local policy route-map <name> vrf <vrf name> 


Syntax Description 





<name> Specify the name of the route map. 
vrf <vrf name> Optional. Specifies a nondefault VRF on which to define the local policy 
route-map. 


Default Values 





By default, this command is disabled. 


Command History 





Release 11.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





Before a route map can be specified, it must first be defined using the route-map command. Refer to 
route-map on page 898 for more information. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


There is only one local policy for each VRF instance. 


Usage Examples 





The following example specifies a route map entitled myMap for local policy routing: 


(config)#ip local policy route-map myMap 
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ip mcast-stub helper-address <ip address> 


Use the ip meast-stub helper-address command to specify an IP address toward which IGMP host reports 
and leave messages are forwarded. This command is used in IP multicast stub applications in conjunction 
with the ip mcast-stub downstream and ip mcast-stub upstream commands. Use the no form of this 
command to return to default. 


Syntax Description 





<ijpp address> Specifies the address to which the IGMP host reports and leave messages 
are forwarded. IP addresses should be expressed in dotted decimal 
notation (for example, 10.10.10.1). 


Default Values 





By default, no helper-address is configured. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





The helper address is configured globally and applies to all multicast-stub downstream interfaces. The 
address specified may be the next upstream hop or any upstream address on the distribution tree for the 
multicast source, up to and including the multicast source. The router selects, from the list of multicast-stub 
upstream interfaces, the interface on the shortest path to the specified address. The router then proxies, 
on the selected upstream interface (using an IGMP host function), any host joins/leaves received on the 
downstream interface(s). The router retransmits these reports with addresses set as if the report originated 
from the selected upstream interface. 


For example, if the router receives multiple joins for a group, it will not send any extra joins out the 
upstream interface. Also, if it receives a leave, it will not send a leave until it is certain that there are no 
more subscribers on any downstream interface. 


Usage Examples 





The following example specifies 172.45.6.99 as the helper address: 
(config)#ip mcast-stub helper-address 172.45.6.99 
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ip multicast-routing 


Use the ip multicast-routing command to enable the multicast router process. The command does not 
affect other multicast-related configurations. Use the no form of this command to disable this feature. 
Disabling this command prevents multicast forwarding, but does not remove other multicast commands 
and processes. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example enables multicast functionality: 


(config)#ip multicast-routing 
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ip name-server 


Use the ip name-server command to designate one or more name servers to use for name-to-address 
resolution. This command can be applied to the default VRF or a specific VRF instance. Use the no form 
of this command to remove any addresses previously specified. Variations of this command include: 


ip name-server </p address 1> 

ip name-server <ip address1> <ip address2> 

ip name-server <ip address1> <ip address2> <ip address3> 

ip name-server <ip address1> <ip address2> <ip address3> <ip address4> 

ip name-server <ip address1> <ip address2> <ip address3> <ip address4> <ip address5> 

ip name-server </p address1> <ip address2> <ip address3> <ip address4> <ip address5> <ip address6> 

ip name-server vrf <name> <ip address 1> 

ip name-server vrf <name> <ip address 1> <ip address2> 

ip name-server vrf <name> <ip address1> <ip address2> <ip address3> 

ip name-server vrf <name> <ip address1> <ip address2> <ip address3> <ip address4> 

ip name-server vrf <name> <ip address 1> <ip address2> <ip address3> <ip address4> <ip address5> 

ip name-server vrf <name> <ip address1> <ip address2> <ip address3> <ip address4> <ip address5> 
<ijp address6> 


Syntax Description 





<ijp address 1-6> Specifies up to six name-server addresses. 
vrf <name> Optional. Specifies a nondefault VRF where the name-server exists. 


Default Values 





By default, no name servers are specified. 


Command History 





Release 3.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example specifies host 172.34.1.111 as the primary name server and host 172.34.1.2 as the 
secondary server: 


(config)#ip name-server 172.34.1.111 172.34.1.2 
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ip policy-class <name> <action> 


Use the ip policy-class command to create an access control policy (ACP) and enter the ACP command 
set. Use the no form of this command to delete an access policy and all the entries contained in 
it. Variations of this command include: 


ip policy-class <name> <action> 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘one configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 








affected by the policy. If a policy is applied to the interface you are connecting 


Before applying an ACP to an interface, verify your Telnet connection will not be 
UT! 
| } through and it does not allow Telnet traffic, your connection will be lost. 





Syntax Description 





<name> Identifies the configured access policy using an alphanumeric descriptor 
(maximum of 255 characters). All access policy descriptors are case 
sensitive. 

<action> allow list <ac/ name> [policy <acp name> | self] [stateless] 


All packets permitted by the access control list (ACL) will be allowed to 
enter the interface to which the policy class is assigned and an association 
will be created in the firewall. All associations created by the allow list are 
subject to the built-in firewall timers (refer to ip policy-timeout <protocol> 
<range> <port> <value> on page 753). All packets denied by the ACL will 
be processed by the next policy class entry or implicitly discarded if no 
further policy class entries exist. 


When the policy <acp name> is specified, the firewall attempts to match 
the specified access policy with the access policy that is applied to the 
packet's egress interface as determined by the routing table or policy-based 
routing configuration. If there is a match, the firewall will process the packet. 
If there is no match, the firewall will process the packet based on the next 
policy class entry or implicitly discard it if no further policy class entries 
exist. 


When the self keyword is applied, packets permitted by the ACL destined 
for any local interface on the unit will be allowed. These packets are 
terminated by the unit and are not routed or forwarded to other destinations. 
Using the self keyword is helpful when opening up remote administrative 
access to the unit (Telnet, SSH, ICMP, GUI). 
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When the stateless keyword is applied, traffic is not subject to the built-in 
firewall timers. Stateless traffic bypasses the application-level gateways 
(ALGs). Stateless processing is helpful when passing traffic over VPN 
tunnels. Traffic sent over VPN tunnels is purposely selected and encrypted; 
there is no need to firewall the traffic as well. VPN configurations created 
using the VPN Wizard in the GUI use stateless processing by default. 


allow reverse list <ac/ name> [policy <acp name> | self] [stateless] 


The allow reverse list command is identical in function to the allow list 
command with the exception of the reverse keyword. The reverse keyword 
instructs the firewall to use the source information as the destination 
information and vice versa in the specified ACL. 


discard list <acl name> [policy <acp name> | self] 


All packets permitted by the ACL will be explicitly discarded upon entering 
the interface that the policy class is assigned to. All packets denied by the 
ACL will be processed by the next policy class entry or implicitly discarded if 
no further policy class entries exist. 


When the policy <acp name> is specified, the firewall attempts to match 
the specified access policy with the access policy that is applied to the 
packet's egress interface as determined by the routing table or policy-based 
routing configuration. If there is a match, the firewall will process the packet. 
If there is no match, the firewall will process the packet based on the next 
policy class entry or implicitly discard it if no further policy class entries 
exist. 


When the self keyword is applied, packets permitted by the ACL destined 
for any local interface on the unit will be implicitly discarded. 


nat source list <ac/ name> address <ip address> [vrf <name>] overload 
[policy <acp name>] [no-alg] 


or 


nat source list <ac/ name> interface <interface> overload [policy <acp 
name>] [no-alg] 


All packets permitted by the ACL entering the interface to which the policy 
class is assigned will translate the source IP address of the packet to the 
specified address or interface and an association will be created in the 
firewall. The address keyword specifies the IP address from which the 
translated packets will be sourced. The primary IP address of an interface is 
used as the source IP for translated packets when the interface keyword is 
applied. This function is commonly referred to as a “many-to-one NAT”. All 
associations created by the nat source list are subject to the built-in 
firewall timers (refer to jp policy-timeout <protocol> <range> <port> <value> 
on page 753). All packets denied by the extended ACL will be processed by 
the next policy class entry or implicitly discarded if no further policy class 
entries exist. 
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The optional vrf <vrf name> parameter specifies the VPN routing and 
Forwarding (VRF) instance from which to route the packet. The VRF does 
not have to be the same VRF from which the packet originated. VRF on an 
AOS product allows a single physical router to be partitioned into multiple 
virtual routers. Each router instance has its own route table and interface 
assignments. Beginning with Release 16.1, all AOS routers supporting 
multiple VRF instances (multi-VRF) have an unnamed default VRF instance 
regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the 
default unnamed VRF. 


The overload command is not optional and must be used when using the 
nat source list command. 


When the policy <acp name> is specified, the firewall attempts to match 
the specified access policy with the access policy that is applied to the 
packet's egress interface as determined by the routing table or policy-based 
routing configuration. If there is a match, the firewall will process the packet. 
If there is no match, the firewall will process the packet based on the next 
policy class entry or implicitly discard it if no further policy class entries 
exist. 


The optional no-alg parameter allows packets matching the policy class 
entry to traverse the firewall without being processed by the ALGs. This 
parameter, along with the appropriate ACL, prevents specific sources from 
being processed by the ALGs. This option can be used to prevent specific 
hosts from being URL filtered by configuring a policy-class entry with the 
no-alg parameter that matches specific hosts followed by another policy 
class entry that matches remaining hosts. The no-alg parameter can be 
placed before or after the policy <acp name> parameter. 


nat destination list <extended acl name> address <ip address> 
[vrf <name>] [port <port>] [no-alg] 


All packets permitted by the specified extended ACL entering the interface 
that the policy class is assigned to will translate the destination IP address 
of the packet to the specified address, and an association will be created in 
the firewall. The address keyword specifies the private IP host to which the 
translated packets are destined. All associations created by the nat 
destination list are subject to the built-in firewall timers (refer to ip 
policy-timeout <protocol> <range> <port> <value> on page 753). All 
packets denied by the extended ACL will be processed by the next policy 
class entry or implicitly discarded if no further policy class entries exist. The 
port keyword is used to translate the original destination port to a 
user-specified port. 


The optional no-alg parameter allows packets matching the policy class 
entry to traverse the firewall without being processed by the ALGs. This 
parameter, along with the appropriate ACL, provides a way to prevent 
specific destinations from being processed by the ALGs. 
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The optional vrf <vrf name> parameter specifies the VPN routing and 
forwarding (VRF) instance from which to route the packet. The VRF does 
not have to be the same VRF from which the packet originated. VRF on an 
AOS product allows a single physical router to be partitioned into multiple 
virtual routers. Each router instance has its own route table and interface 
assignments. Beginning with Release 16.1, all AOS routers supporting 
multiple VRF instances (multi-VRF) have an unnamed default VRF instance 
regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the 
default unnamed VRF. 


Default Values 


By default, all AOS security features are disabled and there are no configured access lists. 


Command History 





Release 2.1 Command was introduced. 
Release 16.1 Command was expanded to include no-alg parameter. 
Release 17.1 Command was expanded to include the VRF parameter. 


Functional Notes 





AOS access control policies are used to allow, discard, or manipulate (using NAT) data for each physical 
interface. Each ACP consists of a selector (access list) and an action (allow, discard, NAT). When 
packets are received on an interface, the configured ACPs are applied to determine whether the data will 
be processed or discarded. 


An implicit discard exists at the end of every policy class. Specifying a discard list is 
unnecessary in most applications and should be used with caution. A discard list can 


adversely affect certain functions of a unit (VPN, routing protocols, etc.). Specifying an 
empty ACL or a nonexistent ACL in a policy class will result in an implicit permit. 





Usage Examples 


The following is an example of adding policy class entries (ACL self and ACL MATCHALL) to a policy class 
named Private: 


(config)#ip policy-class Private 
(config-policy-class)#allow list self self 
(config-policy-class)#nat destination list MATCHALL interface ppp 1 overload 


The following is a sample output of the configuration after issuing these commands: 


! 
ip access-list standard wizard-ics 
remark Internet Connection Sharing 


permit any 
| 
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ip access-list extended self 
remark Traffic to NetVanta 
permit ip any any log 

| 

ip policy-class Private 
allow list self self 


nat source list wizard-ics interface ppp 1 overload 
| 


Technology Review 





Creating access policies and lists to regulate traffic through the routed network is a four-step process: 


Step 1: 
Enable the security features of AOS using the ip firewall command. 


Step 2: 

Create an ACL to permit or deny specified traffic. Standard ACLs match based on the source of the packet. 
Extended ACLs match based on the source and destination of the packet. Sources can be expressed in 
one of four ways: 


1. Using the keyword any to match any IP address. 
2. Using host <ip address> to specify a single host address. 


3. Using the <ip address> <wildcard> format to match all IP addresses in a range. Wildcard masks work 
in reverse logic from subnet masks. Specifying 255 in any octet of the wildcard mask equates to a 
“don’t care”. 


4. Using the keyword hostname to match based on a DNS name. The unit must be configured with DNS 
servers for this function to work. 


Step 3: 

Create an access policy that uses a configured access list. AOS access policies are used to allow, discard, 
or manipulate (using NAT) data for each physical interface. Each ACP consists of a selector (access list) 
and an action (allow, discard, NAT). When packets are received on an interface, the configured ACPs are 
applied to determine whether the data will be processed or discarded. Possible actions performed by the 
access policy are as follows: 


allow list <ac/ name> 

allow list <ac/ name> stateless 

allow list <ac/ name> policy <aco name> 

allow list <acil name> policy <aco name> stateless 

allow list <ac/ name> self 

allow list <ac/ name> self stateless 

discard list <ac/ name> 

discard list <ac/ name> policy <acp name> 

discard list <ac/ name> self 

nat destination list <ac/ name> address <ip address> no-alg 
nat destination list <ac/ name> address <ip address> port <port number> 
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nat destination list <ac/ name> address <ip address> port <port number> no-alg 

nat destination list <ac/ name> address <ip address> vrf <vrf name> 

nat destination list <ac/ name> address <ip address> vrf <vrf name> no-alg 

nat destination list <ac/ name> address <ip address> vrf <vif name> port <port number> 

nat destination list <ac/ name> address <ip address> vrf <vrf name> port <port number> no-alg 
nat source list <ac/ name> address <ip address> overload 

nat source list <ac/ name> address <ip address> overload no-alg 

nat source list <ac/ name> address <ip address> overload no-alg policy <acp name> 

nat source list <ac/ name> address <ip address> overload policy <acp name> 

nat source list <ac/ name> address <ip address> vrf <vrf name> overload 

nat source list <ac/ name> address <ip address> vrf <vrf name> overload no-alg 

nat source list <ac/ name> address <ip address> vrf <vrf name> overload no-alg policy <acp name> 
nat source list <ac/ name> address <ip address> vrf <vrf name> overload policy <acp name> 
nat source list <ac/ name> interface <interface> overload 

nat source list <ac/ name> interface <interface> policy <acp name> 


Step 4: 

Apply the created access policy to an interface. To assign an access policy to an interface, enter the 
interface configuration mode for the desired interface and enter access policy <acp name>. The following 
example assigns access policy MatchAll to the Ethernet 0/1 interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#access-policy MatchAll 
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ip policy-class 


Use the ip policy-class max-sessions and ip policy-class max-host-sessions commands to create or alter 
settings for an access control policy (ACP). For more details on IP policy class functionality in AOS, refer 
to ip policy-class <name> <action> on page 744. Use the no form of this command to delete an access 
policy and all the entries contained in it. Variations of this command include the following: 


ip policy-class max-sessions <number> 
ip policy-class <name> max-host-sessions <number> 
ip policy-class <name> max-sessions <number> 


Syntax Description 





<name> Identifies the configured access policy using an alphanumeric descriptor 
(maximum of 255 characters). All access policy descriptors are case 
sensitive. 

max-sessions <number> Specifies the maximum number of allowed policy sessions. Identifying a 


policy name sets the session limit only for the named policy. Using this 
command without specifying a policy name sets the limit for the total 
number of allowed sessions for all policies on the device. 
This number must be within the appropriate range limits. The limits are 
either 1 to 4000 or 1 to 30,000 (depending on the type of AOS device you 
are using). Setting this value to zero turns the feature off. 
max-host-sessions <number> Specifies the maximum number of allowed policy sessions that can be 
created from each unique source address. This command is used in 
conjunction with a named policy and only applies the limit to that 
particular policy. 
The number must be within the appropriate range limits. The limits are 
either 1 to 4000 or 1 to 30,000 (depending on the type of AOS device you 
are using). Setting this value to O turns the feature off. 


Default Values 


By default, all AOS security features are disabled and there are no configured access lists. 


Command History 





Release 2.1 Command was introduced. 
Release 12.1 Command was expanded. 
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Usage Examples 





The following example allows no more than 100 policy sessions to be sourced from a single host IP 
address on the Private policy class: 


(config)#ip policy-class Private max-host-sessions 100 


The number of maximum sessions can be set with or without a policy name. 
The following example sets a total global limit of 55,700 policy sessions allowed on all policy classes: 


(config)#ip policy-class max-sessions 55700 


The following example allows no more than 100 policy sessions on the Private policy class: 


(config)#ip policy-class Private max-sessions 100 


The following example removes the policy sessions limit on the Private policy class: 


(config)#no ip policy-class Private max-sessions 100 
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ip policy-class <name> rpf-check 


Use the ip policy-class rpf-check command to verify that traffic has entered on the appropriate interface 
using a route lookup. Reverse path forwarding (RPF) is essentially a spoofing check. For more details on 
IP policy class functionality in AOS, refer to ip policy-class <name> <action> on page 744. Use the no 
form of this command to disable this feature. 


Syntax Description 





<name> Identifies the configured access policy using an alphanumeric descriptor 
(maximum of 255 characters). All access policy descriptors are case 
sensitive. 

rpf-check Enables RPF check (spoofing). 


Default Values 





This command is enabled by default. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





The rpf-check feature should be disabled if your application allows incoming traffic on policy classes that 
do not match the route table’s source destination specifications. This feature can be disabled on a per 
policy class basis by issuing the command in conjunction with the policy class name you do not want to be 
checked. 


Usage Examples 





The following example turns off the rpf-check feature for the Private policy class: 


(config)#no ip policy-class Private rpf-check 
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ip policy-timeout <protocol> <range> <port> <value> 
Use multiple ip policy-timeout commands to customize timeout intervals for protocols (TCP, UDP, 


ICMP, AHP, GRE, ESP) or specific services (by listing the particular port number). Use the no form of 
this command to return to the default timeout values. 


Syntax Description 





<protocol> Specifies the data protocol, such as ICMP, TCP, UDP, AHP, GRE, or ESP. 
<range> Optional. Customizes timeout intervals for a range of TCP or UDP ports. 
<port> Specifies the service port to apply the timeout value to; valid only for 


specifying TCP and UDP services (not allowed for ICMP). 


The following is the list of TCP port numbers that may be identified using 
the text name (in bold): 


all-ports kshell (Port 544) 
bgp (Port 179) login (Port 513) 
chargen (Port 19) Ipd (Port 515) 
cmd (Port 514) nntp (Port 119) 
daytime (Port 13) pim-auto-rp (Port 496) 
discard (Port 9) pop2 (Port 109) 
domain (Port 53) pops (Port 110) 
echo (Port 7) smtp (Port 25) 
exec (Port 512) ssh (Port 22) 
finger (Port 79) sunrpc (Port 111) 
ftp (Port 21) syslog (Port 514) 
ftp-data (Port 20) tacacs (Port 49) 
gopher (Port 70) talk (Port 517) 
hostname (Port 101) telnet (Port 23) 
https (Port 443) time (Port 37) 
ident (Port 113) uucp (Port 540) 
irc (Port 194) whois (Port 43) 
klogin (Port 543) www (Port 80) 


The following is the list of UDP port numbers that may be identified using 
the text name (in bold): 


all-ports ntp (Port 123) 

biff (Port 512) pim-auto-rp (Port 496) 
bootpc (Port 68) rip (Port 520) 

bootps (Port 67) snmp (Port 161) 
discard (Port 9) snmptrap (Port 162) 
dnsix (Port 195) sunrpce (Port 111) 
domain (Port 53) syslog (Port 514) 
echo (Port 7) tacacs (Port 49) 
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isakmp (Port 500) talk (Port 517) 
mobile-ip (Port 434) tftp (Port 69) 
nameserver (Port 42) time (Port 37) 
netbios-dgm (Port 138) who (Port 513) 
netbios-ns (Port 137) xdmcp (Port 177) 
netbios-ss (Port 139) 
<value> Specifies the wait interval (in seconds) before an active session is closed. 


Valid range is 0 to 4,294,967,295 seconds. 


Default Values 





<value> The following default policy timeout intervals values apply: 
tcp (600 seconds; 10 minutes) 
udp (60 seconds; 1 minute) 
icmp (60 seconds; 1 minute) 
ahp (60 seconds; 1 minute) 
gre (60 seconds; 1 minute) 
esp (60 seconds; 1 minute) 


Command History 





Release 2.1 Command was introduced. 
Release 11.1 Added AHP, GRE, and ESP policies. 


Usage Examples 





The following example creates customized policy timeouts for the following: 


Internet traffic (TCP Port 80) timeout 24 hours (86400 seconds) 
Telnet (TCP Port 23) timeout 20 minutes (1200 seconds) 

FTP (21) timeout 5 minutes (800 seconds) 

All other TCP services timeout 8 minutes (480 seconds) 


config)#ip policy-timeout tcp www 86400 
config)#ip policy-timeout tcp telnet 1200 
config)#ip policy-timeout tcp ftp 300 

config)#ip policy-timeout tcp all_ports 480 


aN aN 


The following example creates customized policy timeouts for UDP NetBIOS ports 137 to 139 of 
200 seconds and UDP ports 6000 to 7000 of 300 seconds: 


(config)#ip policy-timeout udp range netbios-ns netbios-ss 200 
(config)#ip policy-timeout udp range 6000 7000 300 


The following example creates a customized policy timeout of 1200 seconds for ESP: 


(config)#ip policy-timeout esp 1200 
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The following example creates a customized policy timeout of 1200 seconds for GRE: 


(config)#ip policy-timeout gre 1200 


The following example creates a customized policy timeout of 1200 seconds for AHP: 


(config)#ip policy-timeout ahp 1200 
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ip prefix-list <name> description <‘text’> 


Use the ip prefix-list description command to create and name prefix lists. Use the no form of this 
command to remove a prefix list. 


Syntax Description 


<name> Specifies a particular prefix list. 


description <‘text’> Assigns text (enclosed in quotation marks) used as a description for the 
prefix list. Maximum length is 80 characters. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command adds a string of up to 80 characters as a description for a prefix list. It also creates the 
prefix list if a prefix list of that name does not already exist. 


Usage Examples 





The following example adds a description to the prefix-list test: 


(config)#ip prefix-list test description “An example prefix list” 
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ip prefix-list <name> seq <number> 


Use the ip prefix-list seq command to specify a prefix to be matched or a range of mask lengths. Use the 
no form of this command to remove a prefix list. Variations of this command include: 


ip prefix-list <name> seq <number> deny <network ip /length> 

ip prefix-list <name> seq <number> deny <network ip /Jlength> ge <value> 
ip prefix-list <name> seq <number> deny <network ip /length> le <value> 
ip prefix-list <name> seq <number> permit <network ip /length> 

ip prefix-list <name> seq <number> permit <network ip /length> ge <value> 
ip prefix-list <name> seq <number> permit <network ip /length> le <value> 


Syntax Description 





<listname> Specifies a particular prefix list. 


<number> Specifies the entry's unique sequence number that determines the 
processing order. Lower numbered entries are processed first. Range is 
1 to 4,294,967,294. 


permit <network ip /length> Permits access to entries matching the specified network IP address and 
the corresponding network prefix length (for example, 10.10.10.1 /24). 


deny <network ip /length> Denies access to entries matching the specified network IP address and the 
corresponding network prefix length (for example, 10.10.10.1 /24). 


le <value> Specifies the upper end of the range. Range is 0 to 32. 
ge <value> Specifies the lower end of the range. Range is 0 to 32. 


Default Values 





If no ge or le parameters are specified, an exact match is assumed. If only ge is specified, the range is 
assumed to be from ge-value to 32. If only le is specified, the range is assumed to be from len to le-value. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command specifies a prefix to be matched. Optionally, it may specify a range of mask lengths. The 
following rule must be followed: len < ge-value < le-value. A prefix list with no entries allows all routes. A 
route that does not match any entries in a prefix list is dropped. As soon as a route is permitted or denied, 
there is no further processing of the rule in the prefix list. A route that is denied at the beginning entry of a 
prefix list will not be allowed, even if it matches a permitting entry further down the list. 
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Usage Examples 





The following example creates a prefix list entry in the prefix list test matching only the 10.0.0.0/8 network: 


(config)#ip prefix-list test seq 5 deny 10.0.0.0/8 


The following example creates a prefix list entry in the prefix list test matching any network of length 24 or 
less: 


(config)#ip prefix-list test seq 10 permit 0.0.0.0/0 le 24 
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ip radius source-interface <interface> 
Use the ip radius source-interface command to specify the network attached storage (NAS) IP address 


attribute passed with the RADIUS authentication request packet. Use the no form of this command to 
remove a defined source interface. 


Syntax Description 





<interface> Specifies the source interface. Specify an interface in the format <interface 
type [slot/port | slot/port.subinterface id | interface id | interface 
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for a T1 
interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora PPP 
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip radius 
source-interface ? for a complete list of interfaces. 


Default Values 





By default, no source interface is defined. 


Command History 





Release 5.1 Command was introduced. 

Release 14.1 Command expanded to include tunnel interface. 
Release 15.1 Command expanded to include BVI interface. 
Release 17.1 Command expanded to include ATM interface. 


Functional Notes 





lf this value is not defined, the address of the source network interface is used. 


Usage Examples 





The following example configures the Ethernet 0/1 port to be the source interface: 


(config)#ip radius source-interface ethernet 0/1 


The following example configures the BVI 1 interface to be the source interface: 


(config)#ip radius source-interface bvi 1 
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ip route 


Use the ip route command to add a static route to the route table. Use the no form of this command to 
remove a configured static route. Variations of this command include: 


ip route <ip address> <subnet mask> <interface> 

ip route <ip address> <subnet mask> <interface> <administrative distance> 

ip route </p address> <subnet mask> <ip address> 

ip route </p address> <subnet mask> <ip address> <administrative distance> 

ip route </p address> <subnet mask> null 0 

ip route </p address> <subnet mask> null 0 <administrative distance> 

ip route </p address> <subnet mask> <interface> <administrative distance> track <name> 

ip route </p address> <subnet mask> <ip address> <administrative distance> track <name> 

ip route </p address> <subnet mask> <interface> tag <number> 

ip route </p address> <subnet mask> <interface> <administrative distance> tag <number> 

ip route </p address> <subnet mask> <interface> <administrative distance> track <name> tag <number> 

ip route </p address> <subnet mask> <ip address> <administrative distance> track <name> tag 
<number> 


Syntax Description 


<ijpp address> Specifies the network address to add to the route table. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


[<interface> | <ip address>] Specifies the far end IP address or an egress interface in the unit. Use the 
ip route <ip address> <subnet mask> ? command to display a complete list 
of egress interfaces. 


null 0 Optional. Routes traffic destined for the specified network to the null 
interface. The router drops all packets destined for the null interface. Use 
the null interface to allow the router to advertise a route, but not forward 
traffic to the route. 


<administrative distance> Optional. Specifies an administrative distance associated with a particular 
router used to determine the best route when multiple routes to the same 
destination exist. The smaller the administrative distance, the more 
preferable the route. Range is 1 to 255. 


track <name> Optional. Enables tracking on the indicated route. Once the named track 
enters a fail state, the route specified by the command is disabled and traffic 
will no longer be routed using that route. For more information on 
configuring tracks, refer to track <name> on page 947. 


tag <number> Optional. Specifies a number to use as a tag for this route. Route tags are 
used to label and filter routes when dynamically redistributing routes into a 
routing protocol (such as RIP/OSPF/BGP). Range is 1 to 65,535. 
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Default Values 





By default, there are no configured routes in the route table, and the tag of 0 is applied to the route. 


Command History 





Release 1.1 Command was introduced. 

Release 9.1 Tunnel added as a supported interface. 

Release 11.1 Demand added as a supported interface. 

Release 13.1 Command expanded to include track feature. 

Release 15.1 Command expanded to include route tagging capability. 


Usage Examples 





The following example adds a static route to the 10.220.0.0/16 network through the next-hop router 
192.22.45.254 and a default route to 175.44.2.10: 


(config)#ip route 10.220.0.0 255.255.0.0 192.22.45.254 
(config)#ip route 0.0.0.0 0.0.0.0 175.44.2.10 
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ip route vrf 


Use the ip route vrf command to create a static route in one of the nondefault VRF instances. Use the no 
form of the command to remove the static route. Variations of this command include: 


ip route vrf <name> <ip address> <subnet mask> <interface> 

ip route vrf <name> <ip address> <subnet mask> <interface> <distance> 
ip route vrf <name> <ip address> <subnet mask> <ip address> 

ip route vrf <name> <ip address> <subnet mask> <ip address> <distance> 
ip route vrf <name> <ip address> <subnet mask> null 0 

ip route vrf <name> <ip address> <subnet mask> null 0 <distance> 


ip route vrf <name> <ip address> <subnet mask> <interface> tag <number> 
ip route vrf <name> <ip address> <subnet mask> <ip address> tag <number> 
ip route vrf <name> <ip address> <subnet mask> null 0 tag <number> 


ip route vrf <name> <ip address> <subnet mask> <interface> track <name> 
ip route vrf <name> <ip address> <subnet mask> <ip address> track <name> 
ip route vrf <name> <ip address> <subnet mask> null 0 track <name> 


ip route vrf <name> <ip address> <subnet mask> <interface> <distance> track <name> 
ip route vrf <name> <ip address> <subnet mask> <ip address> <distance> track <name> 
ip route vrf <name> <ip address> <subnet mask> null 0 <distance> track <name> 


ip route vrf <name> <ip address> <subnet mask> <interface> <distance> tag <number> 
ip route vrf <name> <ip address> <subnet mask> <ip address> <distance> tag <number> 
ip route vrf <name> <ip address> <subnet mask> null 0 <distance> tag <number> 


ip route vrf <name> <ip address> <subnet mask> <interface> track <name> tag <number> 

ip route vrf <name> <ip address> <subnet mask> <ip address> track <name> tag <number> 

ip route vrf <name> <ip address> <subnet mask> null 0 track <name> tag <number> 

ip route vrf <name> <ip address> <subnet mask> <interface> <distance> track <name> tag <number> 
ip route vrf <name> <ip address> <subnet mask> <ip address> <distance> track <name> tag <number> 
ip route vrf <name> <ip address> <subnet mask> null 0 track <name> tag <number> 


Syntax Description 





<name> Specifies the name of the VRF instance. 


<ijpp address> Specifies the network address to add to the route table. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). Valid prefix lengths are 0 to 32. 
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[<interface> | <ip address>] Specifies the far end IP address or an egress interface in the unit. Use the 
ip route <ip address> <subnet mask> ? command to display a complete list 
of egress interfaces. IP addresses should be expressed in dotted decimal 
notation (for example, 10.10.10.1). 


null 0 Optional. Routes traffic destined for the specified network to the null 
interface. The router drops all packets destined for the null interface. Use 
the null interface to allow the router to advertise a route, but not forward 
traffic to the route. 


<distance> Optional. Specifies an administrative distance associated with a particular 
router used to determine the best route when multiple routes to the same 
destination exist. The smaller the administrative distance, the more 
preferable the route. Range is 1 to 255. 


track <name> Optional. Enables tracking on the indicated route. Once the named track 
enters a fail state, the route specified by the command is disabled and traffic 
will no longer be routed using that route. For more information on 
configuring tracks, refer to track <name> on page 947. 


tag <number> Optional. Specifies a number to use as a tag for this route. Route tags are 
used to label and filter routes when dynamically redistributing routes into a 
routing protocol (such as RIP/OSPF/BGP). Range is 1 to 65,535. 


Default Values 





No default values necessary for this command. 


Command History 


Release 16.1 Command was introduced. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 


The VRF must have already been created (using the ip vrf <name> route-distinguisher <number> 
command) before static routes can be configured. 


Usage Examples 





The following example adds a static route to the routing and forwarding tables used for the VRF RED: 


(config)#ip route vrf RED 10.220.0.0 255.255.0.0 192.22.45.254 
(config)#ip route vrf RED 0.0.0.0 0.0.0.0 175.44.2.10 
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ip routing 


Use the ip routing command to enable the AOS IP routing functionality. Use the no form of this command 


to disable IP routing. 


Syntax Description 


No subcommanads. 


Default Values 





By default, IP routing is enabled. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables the AOS IP routing functionality: 


(config)#ip routing 
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ip rtp firewall-traversal 


Use the ip rtp firewall-traversal command to enable dynamic firewall traversal capability for RTP-based 
traffic, allowing deep packet inspection of SDP packets to occur so RTP will correctly traverse NAT in the 
firewall. This will open the proper ports dynamically for the RTP traffic. Use the no form of this command 
to return to the default setting. Variations of this command include: 


ip rtp firewall-traversal 
ip rtp firewall-traversal policy-timeout <value> 
ip rtp firewall-traversal reuse-nat-ports 


Syntax Description 





policy-timeout <value> Optional. Specifies timeout period in seconds allowed for inactive RTP 
sessions to remain in the firewall. Range is 1 to 4,294,967,295 seconds. 


reuse-nat-ports Optional. Specifies that NAT ports be reused during calls. 


Default Values 





By default, the RTP dynamic firewall traversal is disabled and the policy timeout period is 45 seconds. 


Command History 





Release 10.1 Command was introduced. 
Release 14.1 Command was updated to include reuse-nat-ports. 


Functional Notes 





SIP uses the Session Description Protocol (SDP) to format the SIP message body in order to negotiate a 
Realtime Transport Protocol (RTP)/Realtime Transport Control Protocol (RTCP) connection between two 

or more user agents (UAs). The ports used for this will always be selected in a pair, with the even port used 
for RTP and the odd port for RTCP. 


The SIP ALG (enabled using the ip firewall alg sip) configures the firewall to examine the ALL SIP 
packets it identifies and maintain knowledge of SIP transmissions on the network. Since SIP packet 
headers include port information for the call setup, the ALG must intelligently read the packets and 
remember the information. 


For a full SIP implementation, dynamic firewall traversal for RTP traffic must also be enabled using the ip 
rtp firewall-traversal command. This allows the firewall to open the proper ports for the RTP traffic 
between UAs. For more details on SIP functionality in AOS, refer to the Functional Notes and Technology 
Review sections of the command ip firewall alg on page 701. 


Usage Examples 





The following example enables dynamic firewall traversal, and sets the policy timeout period at 60 
seconds: 


(config)#ip rtp firewall-traversal policy-timeout 60 
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ip rtp qos dscp <value> 


Use the ip rtp qos dscp command to configure the differentiated services code-point (DSCP) value with 
which to mark IP Realtime Transport Protocol (RTP) packets. This marking can then be used by the 
quality of service (QoS) mechanisms to give priority for this type of traffic in the unit. Use the no form of 
this command to disable this feature. 


Syntax Description 





<value> Specifies the DSCP value. Valid range is 0 to 63. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets the DSCP value to 63: 


(config)#ip rtp qos dscp 63 
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ip rtp quality-monitoring 


Use the ip rtp quality-monitoring command to globally enable voice quality monitoring (VQM) of the 
Realtime Transport Protocol (RTP) voice stream packets. Use the no form of this command to return to the 
default setting. Variations of this command include: 


ip rtp quality-monitoring 

ip rtp quality-monitoring filter access-class <ac/> 

ip rtp quality-monitoring filter user <S/P header> 

ip rtp quality-monitoring sampling one-out-of <va/ue> 
ip rtp quality-monitoring scoring-adjustment japan 

ip rtp quality-monitoring sip 

ip rtp quality-monitoring udp 


Syntax Description 


filter Specify the filter(s) to limit the RTP traffic monitored by VQM. 


access-class <acil> Specify the access control list(s) (ACLs) to limit the RTP streams that will 
be monitored. If no ACL is defined, all calls will be monitored. 





user <S/P header> Specify the calls to be monitored based on their To or From header fields. 
Only the RTP streams that match the specified header(s) will be 
monitored. If no user filters are defined, all cals! will be monitored (except 
when limited by ACL(s) or the sampling rate. 


sampling one-out-of <value> Specifies the sampling rate. The subset can be a number in the range of 1 
to 100. 


scoring-adjustment japan Sets the region for scoring adjustment for Japan. In Japan, the mean 
opinion score (MOS) statistics are calculated differently than in other 
regions. VQM must be disabled and then enabled again for this setting to 
take effect. 

sip Enables the SIP ALG, SIP proxy, or B2BUA (as available) to mark firewall 
holes created for RTP streams for monitoring of voice quality on these 
streams. Issuing this command will enable VQM without a scoring 
adjustment region. 

udp Enables User Datagram Protocol (UDP) packet inspection to determine if 
VQM should monitor RTP traffic. Issuing this command will enable VQM 
without a scoring adjustment region. 


Default Values 





By default, the RTP quality monitoring is disabled and there is no scoring adjustment locale set. 


Command History 


Release 17.1 Command was introduced. 
Release A1 Command was expanded to include the filters and AOS voice products. 
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Usage Examples 





The following example enables RTP quality monitoring: 


(config)#ip rtp quality-monitoring 
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ip rtp quality-monitoring history 


Use the ip rtp quality-monitoring history command to specify the category and number of previously 
completed call statistics to store. Use the no form of this command to return to the default setting. 
Variations of this command include: 


ip rtp quality-monitoring history 

ip rtp quality-monitoring history cq-mos <value> 

ip rtp quality-monitoring history jitter <va/ue> 

ip rtp quality-monitoring history loss <va/lue> 

ip rtp quality-monitoring history lq-mos <value> 

ip rtp quality-monitoring history max-streams <value> 
ip rtp quality-monitoring history out-of-order <value> 
ip rtp quality-monitoring history pq-mos <val/ue> 


Syntax Description 


cq-mos <value> Specifies a threshold for the conversational quality (CQ) mean opinion 
score (MOS), and stores statistics below this threshold. The range is 0 to 
4.4. 

jitter <value> Specifies a threshold for the jitter. Statistics above this threshold are stored 


as jitter. The packet-to-packet delay variation is measured in milliseconds 
(from nAvgPDV). The range is 0 to 30000. 


loss <value> Specifies a threshold for loss (in packets). Statistics above this threshold is 
stored as lost packets. The range is 0 to 30000. 


Iq-mos <value> Specifies a threshold for the listening quality (LQ) MOS, and stores statistics 
below this threshold. The range is 0 to 4.4. 

max-streams <value> Specifies a number of previously completed call statistics to store. This is a 
count of RTP streams; each call can contain two RTP streams. The range is 
0 to 2000. 

out-of-order <value> Specifies a threshold for out-of-order packets to be logged. Statistics above 
this threshold are stored. The range is 0 to 30000. 

pq-mos <value> Specifies a threshold for LQ MOS normalized to the PESQ (PQ) scale, and 


stores statistics below this threshold. The range is 0 to 4.4. 


Default Values 





By default, the maximum number of RTP streams allowed in the history is 100. 


Command History 





Release 17.1 Command was introduced. 
Release A1 Command was introduced in the AOS voice products. 
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Functional Notes 





As calls complete, settings configured using this command are examined to determine whether the call 
should be stored in the call history. The maximum number of streams to store may be configured; newer 
calls will replace the oldest calls when the call history is full. The MOS score, loss, out-of-order packets, 
and jitter can also be examined when a call completes. By default, all calls are stored in the call-history. 
However, if threshold values are changed from their defaults, only calls with poorer quality than these 
nondefault thresholds will be stored. 


Usage Examples 





The following example enables RTP quality monitoring history to store a maximum of 250 RTP streams: 


(config)#ip rtp quality-monitoring history max-streams 250 
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ip rtp quality-monitoring jitter-buffer 


Use the ip rtp quality-monitoring jitter-buffer command to specify the jitter buffer type and 
configuration for the jitter buffer emulator (JBE) that generates the observable jitter statistics in RTP 
quality monitoring. Use the no form of this command to return to the default setting. Variations of this 
command include: 


ip rtp quality-monitoring jitter-buffer 
ip rtp quality-monitoring jitter-buffer adaptive min <de/ay> nominal <va/ue> max <value> 
ip rtp quality-monitoring jitter-buffer fixed nominal <va/ue> jitter-buffer-size <va/ue> 


Syntax Description 





adaptive min <delay> Specifies the minimum acceptable jitter buffer delay to be used by the JBE. 
The range is 10 to 240 milliseconds. 


nominal <value> Specifies the starting delay applied to packets of the emulated jitter buffer. 
The range is 10 to 240 milliseconds. 


max <value> Specifies the maximum delay that the adaptive jitter buffer will be allowed to 
use. The range is 40 to 320 milliseconds. 


fixed nominal <value> Specifies the actual fixed delay that would be applied to the packet in a 
nonemulated jitter buffer. The range is 4 to 250 milliseconds. There is no 
default setting. 


jitter-buffer-size <value> Specifies the number of packets that the emulated jitter buffer can hold. The 
range is 10 to 500 packets. There is no default setting. 


Default Values 


By default, the jitter buffer is set to adaptive min 10 nominal 50 max 200. 


Command History 





Release 17.1 Command was introduced. 
Release A1 Command was introduced in the AOS voice products. 


Usage Examples 





The following example enables the JBE to hold up to 175 packets in fixed mode: 


(config)#ip rtp quality-monitoring jitter-buffer fixed nominal 50 jitter-buffer-size 175 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 771 


Command Reference Guide Global Configuration Mode Command Set 





ip rtp quality-monitoring jitter-threshold 


Use the ip rtp quality-monitoring jitter-threshold command to specify the jitter thresholds that will be 
considered early or late packet arrivals. Changing the jitter threshold will not impact currently active calls, 
only the calls placed after the configuration change has taken place. Use the no form of this command to 
return to the default setting. Variations of this command include: 


ip rtp quality-monitoring jitter-threshold early <va/ue> 
ip rtp quality-monitoring jitter-threshold late <va/ue> 


Syntax Description 





early <value> Specifies the time by which packets are deemed to have arrived early. The 
range is 0 to 1000 milliseconds. 


late <value> Specifies the time by which packets are deemed to have arrived late. The 
range is 0 to 1000 milliseconds. 


Default Values 
By default, jitter thresholds are set to early 10, and late 60. 


Command History 





Release 17.1 Command was introduced. 
Release A1 Command was introduced in the AOS voice products. 


Usage Examples 





The following example specifies the late jitter threshold at 45 ms: 


(config)#ip rtp quality-monitoring jitter-threshold late 45 
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ip rtp quality-monitoring round-trip-delay 


Use the ip rtp quality-monitoring round-trip-delay command to specify type of round-trip testing. The 
endpoints and local units must be synchronized (time and date) for the timestamp method to be accurate, 
and any firewalls between the endpoints must be configured to allow ICMP traffic to pass. Use the no form 
of this command to return to the default setting. Variations of this command include: 


ip rtp quality-monitoring round-trip-delay icmp-ping <value> 
ip rtp quality-monitoring round-trip-delay icmp-timestamp <val/ue> 


Syntax Description 





icmp-ping <value> Specifies the use of ICMP echo requests for calculating round-trip delay. 


icmp-timestamp <value> Specifies the use of ICMP timestamp echo requests with icmp-ping for 
more accurate results. 


Default Values 


By default, the determination type is icmp-ping. 


Command History 





Release 17.1 Command was introduced. 
Release A1 Command was introduced in the AOS voice products. 


Usage Examples 





The following example specifies timestamp requests as the determination type for round-trip delay: 


(config)#ip rtp quality-monitoring round-trip-delay icmp-timestamp 
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ip rtp quality-monitoring threshold jitter 


Use the ip rtp quality-monitoring threshold jitter command to specify threshold values for logging jitter 
events during RTP quality monitoring. Calls with lower quality than the specified thresholds will be 
logged as the defined type (info, notice, warning, or error). Use the no form of this command to return to 
the default setting. Variations of this command include: 


ip rtp quality-monitoring threshold jitter error 

ip rtp quality-monitoring threshold jitter error <va/ue> 

ip rtp quality-monitoring threshold jitter info 

ip rtp quality-monitoring threshold jitter info <va/ue> 

ip rtp quality-monitoring threshold jitter notice 

ip rtp quality-monitoring threshold jitter notice <va/ue> 
ip rtp quality-monitoring threshold jitter warning 

ip rtp quality-monitoring threshold jitter warning <value> 


Syntax Description 


error <value> Specifies the threshold for jitter error messages to be logged. The range is 
0 to 30000. 

info <value> Specifies the threshold for jitter information messages to be logged. The 
range is 0 to 30000. 

notice <value> Specifies the threshold for jitter notice messages to be logged. The range is 
0 to 30000. 

warning <value> Specifies the threshold for jitter warning messages to be logged. The range 
is 0 to 30000. 


Default Values 





By default, the jitter logging thresholds are info 0, notice 250, warning 350, error 450. 


Command History 





Release 17.1 Command was introduced. 
Release A1 Command was introduced in the AOS voice products. 


Usage Examples 





The following example enables RTP quality monitoring jitter warning messages to be logged if jitter occurs 
above 200 ms: 


(config)#ip rtp quality-monitoring threshold jitter warning 200 
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ip rtp quality-monitoring threshold loss 


Use the ip rtp quality-monitoring threshold loss command to specify threshold values for logging lost 
packet events during RTP quality monitoring. Calls with lower quality than the specified thresholds will be 
logged as the defined type (info, notice, warning, or error). Use the no form of this command to return to 
the default setting. Variations of this command include: 


ip rtp quality-monitoring threshold loss error 

ip rtp quality-monitoring threshold loss error <value> 

ip rtp quality-monitoring threshold loss info 

ip rtp quality-monitoring threshold loss info <value> 

ip rtp quality-monitoring threshold loss notice 

ip rtp quality-monitoring threshold loss notice <value> 
ip rtp quality-monitoring threshold loss warning 

ip rtp quality-monitoring threshold loss warning <value> 


Syntax Description 


error <value> Specifies the threshold for lost packets error messages to be logged. The 
range is 0 to 30,000. 

info <value> Specifies the threshold for lost packets information messages to be logged. 
The range is 0 to 30,000. 

notice <value> Specifies the threshold for lost packets notice messages to be logged. The 
range is 0 to 30,000. 

warning <value> Specifies the threshold for lost packets warning messages to be logged. 


The range is 0 to 30,000. 


Default Values 





By default, the lost packets thresholds are info 0, notice 25, warning 50, error 100. 


Command History 





Release 17.1 Command was introduced. 
Release A1 Command was introduced in the AOS voice products. 


Usage Examples 





The following example enables RTP quality monitoring lost packets info messages to be logged if loss 
occur above 10 packets: 


(config)#ip rtp quality-monitoring threshold loss info 10 
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ip rtp quality-monitoring threshold lq-mos 


Use the ip rtp quality-monitoring threshold lq-mos command to specify threshold values for logging 
listening quality (LQ) MOS events during RTP quality monitoring. Calls with lower quality than the 
specified thresholds will be logged as the defined type (info, notice, warning, or error). Use the no form 
of this command to return to the default setting. Variations of this command include: 


ip rtp quality-monitoring threshold lq-mos error 

ip rtp quality-monitoring threshold lq-mos error <value> 

ip rtp quality-monitoring threshold lq-mos info 

ip rtp quality-monitoring threshold Ilq-mos info <va/ue> 

ip rtp quality-monitoring threshold lq-mos notice 

ip rtp quality-monitoring threshold Iq-mos notice <va/ue> 
ip rtp quality-monitoring threshold lq-mos warning 

ip rtp quality-monitoring threshold lq-mos warning <value> 


Syntax Description 


error <value> Specifies the threshold for LQ MOS error messages to be logged. The 
range is 0 to 4.4. 

info <value> Specifies the threshold for LQ MOS information messages to be logged. 
The range is 0 to 4.4. 

notice <value> Specifies the threshold for LQ MOS notice messages to be logged. The 


range is 0 to 4.4. 


warning <value> Specifies the threshold for LQ MOS warning messages to be logged. The 
range is 0 to 4.4. 


Default Values 
By default, the LQ MOS thresholds are info 4.40, notice 4.00, warning 3.60, error 2.60. 





Command History 





Release 17.1 Command was introduced. 
Release A1 Command was introduced in the AOS voice products. 


Usage Examples 





The following example enables RTP quality monitoring LQ MOS info messages to be logged if MOS 
statistics occur below 4.25: 


(config)#ip rtp quality-monitoring threshold Iq-mos info 4.25 
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ip rtp quality-monitoring threshold pq-mos 


Use the ip rtp quality-monitoring threshold pq-mos command to specify threshold values for logging 
listening quality MOS normalized to the PESQ (PQ) scale events during RTP quality monitoring. Calls 
with lower quality than the specified thresholds will be logged as the defined type (info, notice, warning, 
or error). Use the no form of this command to return to the default setting. Variations of this command 
include: 


ip rtp quality-monitoring threshold pq-mos error 

ip rtp quality-monitoring threshold pq-mos error <va/lue> 

ip rtp quality-monitoring threshold pq-mos info 

ip rtp quality-monitoring threshold pq-mos info <value> 

ip rtp quality-monitoring threshold pq-mos notice 

ip rtp quality-monitoring threshold pq-mos notice <va/ue> 
ip rtp quality-monitoring threshold pq-mos warning 

ip rtp quality-monitoring threshold pq-mos warning <value> 


Syntax Description 





error <value> Specifies the threshold for listening quality PQ MOS error messages to be 
logged. The range is 0 to 4.4. 

info <value> Specifies the threshold for listening quality PQ MOS information messages 
to be logged. The range is 0 to 4.4. 

notice <value> Specifies the threshold for listening quality PQ MOS notice messages to be 


logged. The range is 0 to 4.4. 


warning <value> Specifies the threshold for listening quality PQ MOS warning messages to 
be logged. The range is 0 to 4.4. 


Default Values 
By default, the PQ MOS thresholds are info 4.40, notice 4.00, warning 3.60, error 2.60. 





Command History 





Release 17.1 Command was introduced. 
Release A1 Command was introduced in the AOS voice products. 


Usage Examples 





The following example enables RTP quality monitoring listening quality PQ MOS info messages to be 
logged if the MOS occurs below 4.25: 


(config)#ip rtp quality-monitoring threshold pq-mos info 4.25 
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ip rtp symmetric-filter 


Use the ip rtp symmetric-filter command to enable filtering of received nonsymmetric Rapid Transport 
Protocol (RTP) packets. Use the no form of this command to return to the default setting. 


Syntax Description 


No subcommanas. 


Default Values 





By default, the RTP symmetric filter is disabled. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example enables ip rtp symmetric-filter: 


(config)#ip rtp symmetric-filter 
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ip rtp udp <number> 


Use the ip rtp udp command to configure a global starting User Datagram Protocol (UDP) port for Rapid 
Transport Protocol (RTP). Use the no form of this command to remove a configured UDP port. 


Syntax Description 
<number> Specifies the value of the starting UDP port. Valid range is 1026 to 60,000. 


Default Values 





The default value for this command is 10000. 


Command History 





Release 10.1 Command was introduced. 
Release 14.1 Command was updated. 


Usage Examples 





The following example configures 2000 as the starting value of the UDP port: 


(config)#ip rtp udp 2000 
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ip scp server 


Use the ip scp server command to enable the secure copy server functionality in AOS. Enabling the secure 
copy server allows AOS to support the transfer of files using a secure connection. A secure connection 
helps provide protection against outside forces gaining access to configuration files. An external secure 
copy server is required to facilitate the transfers from the terminal. Use the no form of this command to 
disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the secure copy server is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 
The following example enables the secure copy server function: 


(config)#ip scp server 
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ip sdp grammar hold 


Use the ip sdp grammar hold command to specify how to format hold messages in Session Description 
Protocol (SDP) announcements. Use the no form of this command to return to the default value. Variations 
of this command include the following: 


ip sdp grammar hold rfc2543 
ip sdp grammar hold rfc3264 


Syntax Description 





rfc2543 Specifies the use of RFC2543 for formatting hold messages. 
rfc3264 Specifies the use of RFC3264 for formatting hold messages. 


Default Values 





By default, RFC2543 is used for formatting hold messages. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example specifies to use RFC3264 to format hold messages: 


(config)#ip sdp grammar hold rfc3264 
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ip sip 
Use the ip sip command to enable the AOS Session Initiation Protocol (SIP) stack. When the SIP stack is 
enabled, memory is allocated for SIP functionality. For more details on SIP operation, refer to the 


Technology Review section of the command ip firewall alg on page 701. Use the no form of this command 
to disable the SIP stack. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the SIP stack is disabled. Refer to the Functional Notes section below for more details on the 
default state of SIP operation in AOS. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 


By default, the AOS SIP ALG is enabled. This ALG allows the firewall to examine the ALL SIP packets it 
identifies and maintain knowledge of SIP transmissions on the network based on the SIP header. The SIP 
ALG requires the use of the SIP stack and the SIP proxy server in order to properly route SIP calls and 
maintain the SIP information. When the SIP ALG is enabled, the SIP stack and SIP proxy server are 
automatically enabled. For proper SIP operation, the firewall must also be configured to allow for dynamic 
holes for the RTP/RTCP traffic associated with SIP calls between user agents (UAs). This functionality 
must be manually enabled using the ip rtp firewall-traversal command. 


To completely disable SIP operation in AOS, the following commands should be entered: no ip firewall 
alg sip, no ip sip, and no ip rtp firewall-traversal. The no ip firewall alg sip command disables the SIP 
ALG. The no ip sip command disables the SIP stack and frees all memory allocated to the stack. 


Usage Examples 





The following example enables SIP stack: 


(config)#ip sip 
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ip sip access-class <name> in 


Use the ip sip access-class command to specify which traffic reaches the Session Initiation Protocol (SIP) 
stack. Unless restricted, all incoming voice traffic is allowed to reach the SIP stack. Use the ip sip 
access-class command multiple times to manually add access control lists (ACLs). Use the no form of this 
command to disable this feature. 


Syntax Description 





<name> Specifies the name of a previously configured ACL. 


Default Values 





By default, no ACLs are assigned. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example specifies an IP SIP ACL name of HSV: 


(config)#ip sip access-class HSV in 
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ip sip database local 
Use the ip sip database local command to store the location database of Session Initiation Protocol (SIP) 


user agents (UAs) across a power loss using memory on the local router. Use the no form of this command 
to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies storing the location database on the local router: 


(config)#ip sip database local 
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ip sip default-call-routing 


Use the ip sip default-call-routing command to specify the method to route a call in the internal 
transaction distribution unit (TDU) when the destination of a call is ambiguous. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip sip default-call-routing proxy 
ip sip default-call-routing reject 
ip sip default-call-routing switchboard 


Syntax Description 





proxy Specifies using the Session Initiation Protocol (SIP) proxy server to route the call. 
reject Specifies rejecting the call. 
switchboard Specifies using the internal switchboard to route the call. 


Default Values 





By default, proxy is the default call routing setting. 


Command History 


Release 16.1 Command was introduced. 


Usage Examples 





The following example uses the switchboard to route the calls: 


(config)#ip sip default-call-routing switchboard 
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ip sip emergency-call-routing 


Use the ip sip emergency-call-routing command to set up emergency call routing. Multiple emergency 
call routing number templates can be entered. Use the no form of this command to return to the default 
setting. Variations of this command include: 


ip sip emergency-call-routing accept <femplate> 
ip sip emergency-call-routing local 

ip sip emergency-call-routing proxy 

ip sip emergency-call-routing reject <template> 


Syntax Description 





<template> Specifies a phone number pattern for this template. Valid characters 
include: 
0-9 Match exact digit only. 
X Match any single digit 0 through 9. 
N Match any single digit 2 through 9. 
M Match any single digit 1 through 8. 
[ ] Match any digit in the list. For example: [1,4,6] matches 1, 4, and 6 only. 
[1-3, 5] matches 1, 2, 3, and 5. 


accept Accepts calls matching the specified template. 

local Specifies sending all emergency calls through the switchboard. 

proxy Specifies sending all emergency calls through an external softswitch via the 
SIP proxy server before routing the calls to the switchboard. 

reject Rejects calls matching the specified template. 


Default Values 





The default is local, and no accept/reject templates are configured. By default, there are no emergency 
call templates configured. 


Command History 


Release 16.1 Command was introduced. 


Usage Examples 





The following example accepts emergency calls matching the specified number template: 


(config)#ip sip proxy emergency-call-routing accept 256 555 NXXX 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 786 


Command Reference Guide Global Configuration Mode Command Set 





ip sip grammar alert-info url <ur/> 


Use the ip sip grammar alert-info url command to specify the Alert-Info header host in outbound Session 
Initiation Protocol (SIP) messages. Use the no form of this command to return to the default setting. 


Syntax Description 
<url> Specifies an HTTP URL to be used in the Alert-Info header for IP phone tone. 


Default Values 
By default, the local loopback address is the host in the Alert-Info header (127.0.0.1). 





Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example sets the Alert-Info header to use a specific URL as shown in the sample header 
below: 


(config)#ip sip grammar alert-info url www.notused.com 


Sample header: 
Alert-Info:<http://www.notused.com>;info=alert-internal 
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ip sip grammar 


Use the ip sip grammar privacy command to populate privacy lists, indicating how caller ID is handled. 
Use the no form of this command to return to the default setting. Variations of this command include: 


ip sip grammar default-privacy critical 

ip sip grammar default-privacy header 

ip sip grammar default-privacy none 

ip sip grammar default-privacy session 

ip sip grammar default-privacy user 

ip sip grammar restricted-privacy critical 
ip sip grammar restricted-privacy header 
ip sip grammar restricted-privacy none 

ip sip grammar restricted-privacy session 
ip sip grammar restricted-privacy user 


Syntax Description 





default-privacy Specifies entries into the default-privacy list for unrestricted caller ID calls. 

restricted-privacy Specifies entries into the restricted-privacy list for restricted caller ID calls. 

critical Adds critical to the Privacy header format. At least one other entry must be 
added to the list when using this setting. 

header Adds header to the Privacy header format. 

none Adds none to the Privacy header format. No other entries can be added to 
the list when using this setting. 

session Adds session to the Privacy header format. 

user Adds user to the Privacy header format. 


Default Values 





By default, both privacy lists are empty. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example sets all calls to have session privacy: 


(config)#ip sip grammar default-privacy session 
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ip sip grammar from 


Use the ip sip grammar from command to configure the From header on Session Initiation Protocol (SIP) 
messages. Use the no form of this command to return to the default setting. Variations of this command 
include: 


ip sip grammar from host domain 

ip sip grammar from host local 

ip sip grammar from host sip-server 

ip sip grammar from user domestic 

ip sip grammar from user domestic <7xx> 

ip sip grammar from user international 

ip sip grammar from user international <7xx> 


Syntax Description 





host Specifies the Host field formatting. 

user Specifies the User field formatting. 

domain Specifies the Domain for formatting the header. 

local Specifies the Local IP for formatting the header. 
sip-server Specifies the SIP server for formatting the header. 
domestic Sends the number as specified by the calling party. 
international Sends the number with E.164 formatting. 

< TXx> Optional. Indicates a two-digit trunk identifier (i.e., TO1). 


Default Values 





By default, the host for formatting messages is sip-server. Also, the default for the user format is 
domestic. 


Command History 





Release 11.1 Command was introduced. 
Release 13.1 Expanded to include domestic and international formats for the From User 
header. 


Functional Notes 





Omitting the trunk option when issuing the ip sip grammar from user command specifies the User header 
globally. 


Usage Examples 





The following example sets the From header format to use a local IP: 


(config)#ip sip grammar from host local 
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The following example sets the From header format to use calling party format on trunk T02: 


(config)#ip sip grammar from user domestic T02 


Technology Review 





This technology review provides information about the E.164 recommendation for International numbering 
plans and telephone number formats. 


A fully specified telephone number can have a maximum of 15 digits, including country code, area code, 
and the subscriber’s number. These numbers usually consist of a + prefix. E.164 numbers exclude dialing 
prefixes. The most familiar prefixes are international direct dialing (IDD) and national direct dialing (NDD). 
In countries other than the USA, the IDD and NDD are represented by different numbers. 


Additionally, E.123 describes the use of + to indicate a fully specified international number. The + is used in 
SIP headers to provide consistency across national and international phone calls. 


AOS products provide support for E.164 by being able to specify a country code and an IDD prefix. 
National format telephone numbers are converted to international format by prefixing them with + and the 
country code. On outbound international calls, + is substituted for the IDD. On incoming international calls, 
the + is removed. If the country code matches the configured value, it too is removed. 





Setting the From header to international will cause phone numbers to be formatted as 
‘one indicated by E.164. The country code must be configured, and the number must be of type 
national for this feature to work successfully. 
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ip sip grammar p-asserted-identity host 


Use the ip sip grammar p-asserted-identity host command to enable and format the private extensions to 
Session Initiation Protocol (SIP) for asserted identity within trusted networks. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip sip grammar p-asserted-identity host domain 
ip sip grammar p-asserted-identity host local 
ip sip grammar p-asserted-identity host sip-server 


Syntax Description 





domain Specifies the domain host for formatting the header. 
local Specifies the local IP as host for formatting the header. 
sip-server Specifies the SIP server as host for formatting the header. 


Default Values 





By default, the host for formatting messages is sip-server. 


Command History 


Release 13.1 Command was introduced. 


Usage Examples 





The following example sets the p-asserted-identity to use a local IP: 


(config)#ip sip grammar p-asserted-identity host local 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 791 


Command Reference Guide Global Configuration Mode Command Set 





ip sip grammar proxy-require privacy 
Use the ip sip grammar proxy-require privacy command to add a proxy-require header to Session 


Initiation Protocol (SIP) message packets containing a privacy header. Use the no form of this command to 
disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example allows a proxy-require header to be added to packets containing a privacy header: 


(config)#ip sip grammar proxy-require privacy 
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ip sip grammar request-uri 


Use the ip sip grammar request-uri command to format the Request URI for IP SIP messages. Use the 
no form of this command to return to the default setting. Variations of this command include: 


ip sip grammar request-uri host domain 
ip sip grammar request-uri host sip-server 
ip sip grammar request-uri host-resolve 


Syntax Description 





domain Specifies the domain for formatting the header. 

sip-server Specifies the SIP server IP for formatting the header. 

host-resolve Enables the local unit to resolve the domain before resolving the request 
URI. 


Default Values 





By default, the host for formatting messages is the SIP server. Also by default, host-resolve is disabled. 


Command History 


Release 11.1 Command was introduced. 


Usage Examples 





The following example enables IP SIP messages to resolve the request URI from the host domain: 


(config)#ip sip grammar request-uri host domain 


The following example enables IP SIP messages to resolve the request URI from the local unit: 


(config)#ip sip grammar request-uri host-resolve 
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ip sip grammar require 100rel 


Use the ip sip grammar require 100rel command to add 100rel to the Require header of a SIP 
provisional response. Use the no form of this command to return to the default setting. 


Syntax Description 


No subcommanads. 


Default Values 





By default, ip sip grammar require 100rel is disabled. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





This command enables or disables the sending of reliable provisional responses to clients that support 
100rel. Reliable provisional responses will always be sent to clients that require 100rel even with ip sip 
grammar require 100rel disabled. 


Usage Examples 





The following example enables ip sip grammar require 100rel: 


(config)#ip sip grammar require 100rel 


Technology Review 





There are two Require headers that may use the 100rel tag, one in the initial request, and one in the 
provisional response. 


The user agent client (UAC) is used to initiate SIP requests. When the UAC creates a new request, it can 
require reliable provisional responses for that request by adding the option tag 100rel to the Require 
header of that request. 


The user agent server (UAS) contacts the user when SIP requests are received, and returns responses on 
behalf of the user, using provisional responses for request progress information. Provisional responses 
(100 to 199) are transmitted on a best-effort basis. By using reliable provisional responses, responses are 
sent by the UAS until they are acknowledged as received. This is especially beneficial when sending 
provisional responses over an unreliable transport, such as UDP. 


The UAS must send any non-100 provisional responses reliably if the initial request contained a Require 
header field with the option tag 100rel. If the UAS is unwilling to do so, it must reject the initial request with 
a Bad Extension message and include an Unsupported header field containing the option tag 100rel. If the 
client supports 100rel, the UAS has the option of sending provisional responses with or without the 
Require 100rel tag as instructed by the ip sip grammar require 100rel command. 
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ip sip grammar supported 100rel 


Use the ip sip grammar supported 100rel command to include 100rel in the supported header of the SIP 


message. Use the no form of this command to return to the default setting. 


Syntax Description 


No subcommanads. 


Default Values 





By default, ip sip grammar supported 100rel is disabled. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example enables ip sip grammar supported 100rel: 


(config)#ip sip grammar supported 100rel 
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ip sip grammar to host 


Use the ip sip grammar to host command to format the host format of the To header of a SIP message. 
Use the no form of this command to return to the default setting. Variations of this command include: 


ip sip grammar to host domain 
ip sip grammar to host sip-server 


Syntax Description 





domain Specifies the domain for formatting the header. 
sip-server Specifies the SIP server for formatting the header. 


Default Values 





By default, the host for formatting messages is the SIP server. 


Command History 


Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the To header format to use a domain host: 


(config)#ip sip grammar to host domain 
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ip sip grammar user-agent 


Use the ip sip grammar user-agent command to configure the user agent (UA) header format in Session 
Initiation Protocol (SIP) messages. The UA header can be given the default value for the product, a 
user-defined value, or no value at all, in which case the UA header is not sent in SIP messages. Use the no 
form of this command to return to the default of the product. Variations of this command include the 
following: 


ip sip grammar user-agent <word> 
ip sip grammar user-agent default 
ip sip grammar user-agent none 


Syntax Description 


<word> Specifies a word as a user-defined value to replace the default UA value. 
Maximum 128 letters. 

default Returns the UA header field value to the default value. 

none Disables the UA header field resulting in no UA header sent in SIP 
messages. 


Default Values 





By default, the UA value is set to the default value of the product. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example removes the UA header field from SIP messages: 


(config)#ip sip grammar user-agent none 
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ip sip location 


Use the ip sip location command to manually add a Session Initiation Protocol (SIP) user agent (UA) to 
the location database. Use the no form of this command to disable this feature. Variations of this command 
include: 


ip sip location <username> <ip address> 

ip sip location <username> <ip address> <port> 

ip sip location <username> <ip address> <port> tcp 

ip sip location <username> <ip address> <port> tcp <number> 
ip sip location <username> <ip address> <port> udp 

ip sip location <username> <ip address> <port> udp <number> 


Syntax Description 





<username> Specifies the user name for the UA being added to the location database. 

<ijp address> Specifies the IP address for the UA being added to the location database. 
IP addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 

<port> Optional. Specifies the port of the UA to add to the database. If no port is 
specified, default port is 5060. 

tcp Optional. Specifies the use of Transmission Control Protocol (TCP) for 


session communication. 


udp Optional. Specifies the use of User Datagram Protocol (UDP) for session 
communication. 


<number> Optional. Specifies the time in seconds that a user is stored in the database. 
Range from 0 to 36000. If no time is specified, default time is zero seconds. 


Default Values 





By default, this command is disabled. 


Command History 





Release 11.1 Command was introduced. 


Release 15.1 Command expanded to include a choice of transport protocols and 
expiration time. 


Usage Examples 





The following example specifies an IP SIP location of 192.33.5.99 for a user named 2001: 


(config)#ip sip location 2001 192.33.5.99 
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ip sip privacy 


Use the ip sip privacy command to specify outbound calls to include privacy headers (when configured) 
and inbound calls to be filtered on privacy settings. Use the no form of this command to return to the 
default setting. 


Syntax Description 





No subcommanas. 


Default Values 





By default, IP SIP privacy is disabled. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example enables IP SIP privacy: 


(config)#ip sip privacy 
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ip sip proxy 


Use the ip sip proxy command to enable the Session Initiation Protocol (SIP) proxy server in the Stateful 
and Outbound modes. Refer to the Voice SIP Trunk Configuration Guide located on your AOS 
Documentation CD or on the Web at www.adtran.com for detailed information about Stateful and 
Outbound modes. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example allows the SIP proxy server to operate in the Stateful and Outbound modes: 


(config)#ip sip proxy 
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ip sip proxy allowed-servers <hostname> 


Use the ip sip proxy allowed-servers command to add a server to the list of permitted Session Initiation 
Protocol (SIP) proxy servers. Use the no form of this command to return to the default setting. 


Syntax Description 


<hostname> Specifies the fully qualified domain name (FQDN) or IP address of the SIP 
proxy server. IP addresses should be expressed in dotted decimal notation 
(for example, 208.61.209.1). 


Default Values 





By default, all servers are allowed in the Transparent and Outbound modes. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example adds the Hudson server as an allowed SIP proxy server: 


(config)#ip sip proxy allowed-servers Hudson 
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ip sip proxy dial-string source 


Use the ip sip proxy dial-string source command to specify the dial-string source for the Session 
Initiation Protocol (SIP) proxy server. Use the no form of this command to return to the default setting. 
Variations of this command include: 


ip sip proxy dial-string source request-uri 
ip sip proxy dial-string source to 


Syntax Description 





request-uri Specifies the Request-URI user field as the dial-string source. 
to Specifies the To header as the dial-string source. 


Default Values 





By default, the dial-string source is set to request-uri. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the To header as the dial-string source: 


(config)#ip sip proxy dial-string source to 
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ip sip proxy domain <string> 


Use the ip sip proxy domain command to specify a domain string for Session Initiation Protocol (SIP) 
proxy messaging. Use the no form of this command to return to the default setting. 


Syntax Description 


<string> Specifies the domain string for SIP messaging. 


Default Values 





By default, ip sip proxy domain is not configured. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example specifies Sample as the SIP proxy domain string: 


(config)#ip sip proxy domain Sample 
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ip sip proxy failover codec-group <name> 
Use the ip sip proxy failover codec-group command to specify the Session Initiation Protocol (SIP) 


proxy server’s CODEC when the system is in survivability (failover) mode. Use the no form of this 
command to return to the default setting. 


Syntax Description 





<name> Specifies the name of a previously created CODEC list to be used during 
failover. 


Default Values 





By default, ip sip proxy failover codec-group is not configured. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables the CODEC list named efel during failover: 


(config)#ip sip proxy failover codec-group efcl 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 804 


Command Reference Guide Global Configuration Mode Command Set 





ip sip proxy failover dial-string source 


Use the ip sip proxy failover dial-string source command to specify the dial-string source for the Session 
Initiation Protocol (SIP) proxy server when the system is in survivability (failover) mode. Use the no form 
of this command to return to the default setting. Variations of this command include: 


ip sip proxy failover dial-string source request-uri 
ip sip proxy failover dial-string source to 


Syntax Description 





request-uri Specifies the Request-URI user field as the dial-string source. 
to Specifies the To header as the dial-string source. 


Default Values 





By default, the dial-string source is request-uri. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example specifies using the To header for the dial-string source: 


(config)#ip sip proxy failover dial-string source to 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 805 


Command Reference Guide Global Configuration Mode Command Set 





ip sip proxy failover match-digits <va/lue> 
Use the ip sip proxy failover match-digits command to specify the number of digits to match with the 


user’s dial-string digits when the system is in survivability (failover) mode. Use the no form of this 
command to return to the default setting. 


Syntax Description 





<value> Specifies the number of digits within a template to match during failover. 
The valid range is 1 to 255. 


Default Values 





By default, this command is not configured. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the ip sip proxy failover match-digits to 7: 


(config)#ip sip proxy failover match-digits 7 
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ip sip proxy failover sip-keep-alive 


Use the ip sip proxy failover sip-keep-alive command to configure the Session Initiation Protocol (SIP) 
proxy server keep-alive method when the system is in survivability (failover) mode. Keep-alive messages 
must be sent between the SIP device and the registrar to keep the connected channel open for 
communication. Use the no form of this command to return to the default setting. Variations of this 
command include the following: 


ip sip proxy failover sip-keep-alive info 

ip sip proxy failover sip-keep-alive info <va/ue> 

ip sip proxy failover sip-keep-alive options 

ip sip proxy failover sip-keep-alive options <value> 


Syntax Description 





<value> Specifies the amount of time in seconds between keep-alive messages sent 
during a call. The range is 30 to 3600 seconds. 

info Specifies using the INFO keep-alive method on this trunk. 

options Specifies using the OPTIONS keep-alive method on this trunk. 


Default Values 





By default, this command is not configured. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables the INFO method to be used as the SIP keep-alive method with the timeout 
between messages set to 3 minutes: 


(config)#ip sip proxy failover sip-keep-alive info 180 
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ip sip proxy failover trust-domain 


Use the ip sip proxy failover trust-domain command to manually add another level of privacy from 
participating service providers. The system supports RFC 3323 and RFC 3325. Enabling this command 
requires the use of P-Asserted-Identity Session Initiation Protocol (SIP) privacy for this trusted domain. 
Use the no form of this command to disable this feature. Variations of this command include: 


ip sip proxy failover trust-domain 
ip sip proxy failover trust-domain p-asserted-identity-required 


Syntax Description 





p-asserted-identity-required Specifies that P-Asserted-Identity is required for this domain. 


Default Values 


By default, this command is disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 
The following example specifies that P-Asserted-Identity is required: 


(config)#ip sip proxy failover trust-domain p-asserted-identity-required 
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ip sip proxy grammar 


Use the ip sip proxy grammar command to specify the Session Initiation Protocol (SIP) proxy grammar 
options. Use the no form of this command to return to the default setting. Variations of this command 
include: 


ip sip proxy grammar from host domain 

ip sip proxy grammar from host sip-server 

ip sip proxy grammar request-uri host domain 

ip sip proxy grammar request-uri host sip-server 
ip sip proxy grammar to host domain 

ip sip proxy grammar to host sip-server 


Syntax Description 





from Configures the From header grammar. 

request-uri Configures the Request URI grammar. 

to Configures the To header grammar. 

domain Specifies using the configured SIP proxy domain string in the header. 
sip-server Specifies using the resolved SIP proxy server address in the header. 


Default Values 





By default, ip sip proxy grammar for all option headers is sip-server. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example configures the To header using the configured SIP proxy domain string: 


(config)#ip sip proxy grammar to host domain 
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ip Sip proxy sip-server primary 


Use the ip sip proxy sip-server primary command to configure the primary Session Initiation Protocol 
(SIP) server softswitch. Use the no form of this command to disable this feature. The command cannot be 
disabled unless all previously entered ip sip proxy sip-server secondary commands are removed. 
Variations of this command include: 


ip sip proxy sip-server primary <hostname | ip address> 

ip sip proxy sip-server primary <hostname | ip address> tcp 

ip sip proxy sip-server primary <hostname | ip address> tcp <port> 
ip sip proxy sip-server primary <hostname | ip address> udp 

ip sip proxy sip-server primary <hostname | ip address> udp <port> 


Syntax Description 





<hostname | ip address> Specifies the fully qualified domain name (FQDN) or IP address of the SIP 
proxy server. IP addresses should be expressed in dotted decimal notation 
(for example, 208.61.209.1). 


tcp Optional. Specifies the Transmission Control Protocol (TCP) port on which 
the SIP stack is operating. 


udp Optional. Specifies the User Datagram Protocol (UDP) port on which the 
SIP stack is operating. 


<port> Optional. Specifies the port number. Range is 0 to 65,535. 


Default Values 





By default, this command is not configured. If the command is configured, the default protocol is UDP on 
port 5060. If a particular protocol is configured and no port is specified, the default port is set to 5060. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





The guidelines for configuring the softswitch(es) depends on the mode of operation selected. Softswitch 
configuration is always needed for Stateful mode. It is only needed for Outbound mode and Transparent 
mode when the SIP Request does not contain any fields that can be resolved to the softswitch’s location. 


Usage Examples 





The following example sets the primary softswitch: 


(config)#ip sip proxy sip-server primary 208.61.209.1 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 810 


Command Reference Guide Global Configuration Mode Command Set 





ip Sip proxy sip-server secondary 


Use the ip sip proxy sip-server secondary command to configure the secondary Session Initiation 
Protocol (SIP) server softswitch. This command can be entered multiple times to specify numerous 
secondary SIP servers. Use the no form of this command to disable this feature. Variations of this 
command include: 


ip sip proxy sip-server secondary <hostname | ip address> 

ip sip proxy sip-server secondary <hostname | ip address> tcp 

ip sip proxy sip-server secondary <hostname | ip address> tcp <port> 
ip sip proxy sip-server secondary <hostname | ip address> udp 

ip sip proxy sip-server secondary <hostname | ip address> udp <port> 


Syntax Description 





<hostname | ip address> Specifies the fully qualified domain name (FQDN) or IP address of the SIP 
proxy server. IP addresses should be expressed in dotted decimal notation 
(for example, 208.61.209.2). 


tcp Optional. Specifies the Transmission Control Protocol (TCP) port on which 
the SIP stack is operating. 


udp Optional. Specifies the User Datagram Protocol (UDP) port on which the 
SIP stack is operating. 


<port> Optional. Specifies the port number. Range is 0 to 65,535. 


Default Values 





By default, this command is not configured. If the command is configured, the default protocol is UDP on 
port 5060. If a particular protocol is configured and no port is specified, the default port is set to 5060. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





The guidelines for configuring the softswitch(es) depends on the mode of operation selected. Softswitch 
configuration is always needed for Stateful mode. It is only needed for Outbound mode and Transparent 
mode when the SIP Request does not contain any fields that can be resolved to the softswitch’s location. 


Usage Examples 





The following example sets the secondary softswitch: 


(config)#ip sip proxy sip-server secondary 208.61 .209.2 
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ip sip proxy transparent 


Use the ip sip proxy transparent command to enable the Session Initiation Protocol (SIP) proxy server in 
the Transparent mode. Use the no form of this command to disable this feature. Variations of this 
command include: 


ip sip proxy transparent 
ip sip proxy transparent nat-simulate 


Syntax Description 





nat-simulate Optional. Specifies the network address translation (NAT) simulation. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 16.1 Command was introduced. 
Release A1 Command was expanded to include NAT simulation. 


Usage Examples 





The following example allows the SIP proxy server to operate in transparent mode: 


(config)#ip sip proxy transparent 
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ip sip qos dscp <value> 
Use the ip sip qos dscp command to configure the differentiated services code-point (DSCP) value to 


mark IP SIP packets with. This marking can then be used by the quality of service (QoS) mechanisms to 
give priority for this type of traffic in the unit. Use the no form of this command to disable this feature. 


Syntax Description 





<value> Specifies the DSCP value. Valid range is 0 to 63. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets the DSCP value to 63: 


(config)#ip sip qos dscp 63 
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ip sip registrar 


Use the ip sip registrar command to configure the SIP registrar server used for registering user agents 
(UAs) into the location database. For more details on SIP operation, refer to the Technology Review section 
of the command ip firewall alg on page 701. Use the no form of the ip sip registrar command to disable 
the registrar server. Variations of this command include: 


ip sip registrar 

ip sip registrar authenticate 

ip sip registrar default-expires <va/ue> 
ip sip registrar max-expires <value> 

ip sip registrar min-expires <va/lue> 

ip sip registrar realm <string> 


Syntax Description 





authenticate Specifies that authentication is required for each UA during registration. 


default-expires <value> Specifies the default expiration period for the UA listing in the location 
database. UAs requesting registration without specifying an expiration 
period are given this default expiration period. Range is 0 to 
2,592,000 seconds. 


max-expires <value> Specifies the maximum expiration period for the UA listing in the location 
database. All UAs registering with the SIP proxy server request an 
expiration period for the listing in the database. UAs requesting an 
expiration period between the max-expires and min-expires values are 
honored. Range is 0 to 2,592,000 seconds. 


min-expires <value> Specifies the minimum expiration period for the UA listing in the location 
database. All UAs registering with the SIP proxy server request an 
expiration period for the listing in the database. UAs requesting an 
expiration period between the max-expires and min-expires values are 
honored. Range is 0 to 2,592,000 seconds. 


realm <string> Specifies a realm (using an ASCII character string) for the UA listing in the 
location database. 


Default Values 





By default, the registrar server is disabled. 


Command History 





Release 11.1 Command was introduced. 
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Usage Examples 





The following example sets the default expiration to 5 seconds: 


(config)#ip sip registrar default-expires 5 


The following example sets the realm string: 


(config)#ip sip registrar realm voice.adtran.com 
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ip sip tcp 


Use the ip sip tep command to configure the Transmission Control Protocol (TCP) port on which the 


Session Initiation Protocol (SIP) stack is operating. Use the no form of this command to set the TCP port 


value to zero and disable TCP port use. Variations of this command include the following: 


ip sip tcp 
ip sip tcp <number> 


Syntax Description 





<number> Specifies the TCP port. Range is 1 to 65,535. 


Default Values 





By default, the value of the TCP port is set to 5060. If the command ip sip tcp is entered with no 
specifications, the port value will be set to 5060. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 


The ip sip tcp <number> command may be entered multiple times to specify multiple ports. 


Usage Examples 





The following example sets the SIP stack TCP port number to the default port 5060: 
(config)#ip sip tcp 
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ip sip timer 


Use the ip sip timer command to configure the Session Initiation Protocol (SIP) internal T1 and T2 timers 
(in milliseconds). Use the no form of this command to return to the default value. Variations of this 
command include: 


ip sip timer T1 <value> 
ip sip timer T2 <value> 


Syntax Description 





T1 Specifies the T1 timer. 
T2 Specifies the T2 timer. 
<value> Specifies time in milliseconds. Range for T1 is 50 to 1,000 milliseconds, and 


for T2 is 1,000 to 32,000 milliseconds. 


Default Values 





By default, the T1 timer is set to 500 milliseconds, and the T2 timer is set to 4,000 milliseconds. 


Command History 


Release 13.1 Command was introduced. 


Functional Notes 





T1 is an estimate of network round trip time (RTT), and is used as the initial invite message retransmit 
interval. Several SIP internal timers are derived from T1. 


T2 is the maximum retransmit interval for non-invite requests and invite responses. 


Usage Examples 





The following example configures the T1 timer to 1,000 milliseconds: 


(config)#ip sip timer T1 1000 
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ip sip timer registration-failure-retry <va/ue> 
Use the ip sip timer registration-failure-retry command to configure the time (in seconds) that will 


elapse before a SIP endpoint will retry registration with the SIP server after a registration failure has 
occurred. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies time in seconds. Range is 10 to 604,800 seconds. 


Default Values 





By default, the registration-failure-retry timer is set to 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example allows a retry attempt to begin after 32 seconds: 


(config)#ip sip timer registration-failure-retry 32 
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ip sip timer rollover <value> 


Use the ip sip timer rollover command to set the SIP timer for Invite transactions. Use the no form of this 
command to return to the default value. 


Syntax Description 


<value> Specifies time in seconds. Range is 1 to 32 seconds. 


Default Values 





By default, the rollover timer is set to 3 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





The ip sip timer rollover command sets the SIP timer B value for Invite transactions originating from a 
SIP trunk. When originating a call, the SIP trunk attempts to send Invite messages to the primary SIP 
server and waits for a response. If there is no response, the SIP trunk waits for 0.5 seconds before 
attempting to send another Invite to the same SIP server. If no response, the SIP trunk waits for 1 second 
before attempting to send another Invite, then waits 2 seconds, and so on. These increasing intervals are 
shown in the diagram below. 


Times are shown in seconds. 
T=31.5 





The rollover timer allows the user to control how long to wait before trying the next server. In the diagram 
above, the red line indicates the rollover timer expiration. If there is no response after the timer expires, the 
SIP trunk will attempt to send Invite messages to the highest priority backup SIP server obtained via DNS 
SRV. The SIP trunk starts over at T=0 with the next server and doesn't send any more messages to the 
timed out server. As long as the SIP trunk does not receive a response, it will continue this cycle until it has 
attempted to contact all the SIP servers. 


Usage Examples 





The following example allows connection attempts to continue for up to 32 seconds before rolling over to 
the backup server: 


(config)#ip sip timer rollover 32 
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ip sip udp 


Use the ip sip udp command to configure the User Datagram Protocol (UDP) port on which the Session 
Initiation Protocol (SIP) stack is operating. Use the no form of this command to set the UDP port value to 


zero and disable UDP use. Variations of this command include the following: 


ip sip udp 
ip sip udp <number> 


Syntax Description 





<number> Specifies the UDP port. Range is 1 to 65,535. 


Default Values 





By default, the value of the UDP port is set to 5060. If the command ip sip udp is entered with no 
specifications, the port value will be set to 5060. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 


The ip sip udp <number> command may be entered multiple times to specify multiple ports. 


Usage Examples 





The following example sets the SIP stack UDP port number to the default port 5060: 
(config)#ip sip udp 
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ip snmp agent 


Use the ip snmp agent command to enable the Simple Network Management Protocol (SNMP) agent. Use 
the no form of this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 
By default, the SNMP agent is disabled. 





Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Allows a MIB browser to access standard MIBs within the product. This also allows the product to send 
traps to a trap management station. 


Usage Examples 





The following example enables the IP SNMP agent: 


(config)#ip snmp agent 
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ip sntp server 


Use the ip sntp server command to enable the Simple Network Time Protocol (SNTP) server. This allows 
the unit to accept SNTP requests. Use the no form of this command to disable the server. 


Syntax Description 


No subcommanas. 


Default Values 
By default, the SNTP server is disabled. 





Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example enables the SNTP server: 


(config)#ip sntp server 
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ip sntp server send-unsynced 
Use the ip sntp server send-unsynced command to enable sending the system clock time when requested, 


even if the device is not synchronized with the Simple Network Time Protocol (SNTP) server. Use the no 
form of this command to disable this setting. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example enables the device to send the system clock time regardless of synchronized status 
with the sntp server: 


(config)#ip sntp server send-unsynced 
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ip sntp server source-interface <interface> 
Use the ip sntp server source-interface command to specify a source interface for Simple Network Time 


Protocol (SNTP) server traffic. The IP address of the specified interface will be used to source all SNTP 
traffic. Use the no form of this command if you do not wish to override the default source IP address. 


Syntax Description 





<interface> Specifies the source interface for SNTP server traffic. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip sntp server 
source-interface ? for a complete list of valid interfaces. 


Default Values 





By default, no SNTP server source interface is defined. 


Command History 





Release 6.1 Command was introduced. 

Release 14.1 Command expanded to include tunnel interface. 

Release 16.1 Command expanded to include BVI, Frame Relay, HDLC, and PPP 
interfaces. 

Release 17.1 Command expanded to include ATM interface. 


Functional Notes 





This command allows you to override the sender field in the IP packet. If you have multiple interfaces in 
your unit, changing the sender tells the receiver where to send replies. This functionality can also be used 
to allow packets to get through firewalls that would normally block the flow. 


Usage Examples 





The following example configures the unit to use the loopback 1 interface as the source IP for SNTP 
traffic: 


(config)#ip sntp server source-interface loopback 1 
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ip sntp source-interface </nterface> 


Use the ip sntp source-interface command to specify a source interface for Simple Network Time 
Protocol (SNTP) traffic originated by the unit. The IP address of the specified interface will be used to 
source all SNTP traffic. Use the no form of this command if you do not wish to override the default source 
IP address. 


Syntax Description 





<interface> Specifies the source interface for SNTP traffic. Specify an interface in the 
format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip sntp 
source-interface ? for a complete list of valid interfaces. 


Default Values 





By default, no SNTP source interface is defined. 


Command History 





Release 6.1 Command was introduced. 

Release 14.1 Command expanded to include tunnel interface. 

Release 16.1 Command expanded to include BVI, Frame Relay, HDLC, and PPP 
interfaces. 

Release 17.1 Command expanded to include ATM interface. 


Functional Notes 


This command allows you to override the sender field in the IP packet. If you have multiple interfaces in 
your unit, changing the sender tells the receiver where to send replies. This functionality can also be used 
to allow packets to get through firewalls that would normally block the flow. 


Usage Examples 





The following example configures the unit to use the loopback 1 interface as the source IP for SNTP 
traffic: 


(config)#ip sntp source-interface loopback 1 
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ip subnet-zero 


The ip subnet-zero command is the default operation and cannot be disabled. This command signifies the 


router’s ability to route to subnet-zero subnets. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is enabled. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example subnet-zero is enabled: 


(config)#ip subnet-zero 
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ip tacacs source-interface <interface> 
Use the ip tacacs source-interface command to specify a source interface for TACACS + traffic originated 


by the unit. The IP address of the specified interface will be used to source all TACACS-+ traffic. Use the 
no form of this command if you do not wish to override the default source IP address. 


Syntax Description 





<interface> Specifies the source interface for TACACS+ traffic. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip tacacs 
source-interface ? for a complete list of valid interfaces. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command expanded to include tunnel interface. 
Release 17.1 Command expanded to include ATM interface. 


Functional Notes 


This command allows you to override the sender field in the IP packet. If you have multiple interfaces in 
your unit, changing the sender tells the receiver where to send replies. This functionality can also be used 
to allow packets to get through firewalls that would normally block the flow. 


Usage Examples 





The following example configures the unit to use the loopback 1 interface as the source IP for TACACS+ 
traffic: 


(config)#ip tacacs source-interface loopback 1 
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ip tftp server 


Use the ip tftp server to enable the Trivial File Transfer Protocol (TFTP) server. Use the no form of this 
command to disable the TFTP server. Variations of this command include: 


ip tftp server 
ip tftp server access-class <name> in 
ip tftp server overwrite 


Syntax Description 





access-class <name> in Controls access to the internal TFTP server using the specified access 
control list (ACL). 
overwrite Enables the TFTP server to overwrite existing files. 


Default Values 





By default, this command is disabled. 


Command History 





Release 9.3 Command was introduced. 
Release 13.1 Command was expanded to include the overwrite feature. 


Usage Examples 





The following example enables the TFTP server: 

(config)#ip tftp server 

The following example enables the TFTP server, as well as self-bound TFTP incoming connections. In this 
example, classname is the name of the access class. 


(config)#ip tftp server access-class classname in 
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ip tftp source-interface </nterface> 
Use the ip tftp source-interface command to use the specified interface’s IP address as the source IP 


address for Trivial File Transfer Protocol (TFTP) traffic transmitted by the unit. Use the no form of this 
command if you do not wish to override the normal source IP address. 


Syntax Description 





<interface> Specifies the interface to be used as the source IP address for TFTP traffic. 
Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type ip tftp source-interface ? for a complete list of valid 
interfaces. 


Default Values 





No default value is necessary for this command. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 14.1 Command expanded to include tunnel interface. 
Release 17.1 Command expanded to include ATM interface. 


Functional Notes 





This command allows you to override the sender field in the IP packet. If you have multiple interfaces in 
your unit, changing the sender tells the receiver where to send replies. This functionality can also be used 
to allow packets to get through firewalls that would normally block the flow. 


Usage Examples 





The following example configures the unit to use the loopback 1 interface as the source IP for TFTP 
traffic: 


(config)#ip tftp source-interface loopback 1 
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ip urlfilter <name> http 


Use the ip urlfilter http command to create a URL filter for Hypertext Transfer Protocol (HTTP) (TCP 
port 80) traffic. Use the no form of this command to delete the specified HTTP URL filter. 





additional information about the URL filtering technology, refer to the vendor’s website. 


Wor The URL filtering software runs on a server independent of the AOS product. For 





Syntax Description 





<name> Specifies the URL filter name. 


Default Values 


By default, no URL filters are configured. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be applied to the appropriate interface by using the ip urlfilter <filtername> [in | out] command. 
Refer to this command in the appropriate interface for more information. 


Usage Examples 





The following example creates the HTTP URL filter called MyFilter that can be applied to an interface for 
content filtering: 


(config)#ip urlfilter MyFilter http 
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ip urlfilter allowmode 
Use the ip urlfilter allowmode command to allow all URL requests in cases when all URL filter servers 


are down. Use the no form of this command to block all URL requests when all URL filter servers are 
down. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all URL requests will be blocked when all URL filter servers are down. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example permits all URL requests even when URL filter servers are down: 


(config)#ip urlfilter allowmode 
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ip urlfilter exclusive-domain 


Use the ip urlfilter exclusive-domain command to instruct AOS to always allow or always block a 
domain without first having to verify with the URL filter server. Use the no form of this command to 
remove an exclusive domain. Variations of this command include: 


ip urlfilter exclusive-domain deny <name> 
ip urlfilter exclusive-domain permit <name> 


Syntax Description 





deny <name> Specifies that the domain name be blocked without verifying with the URL 
filter server. 


permit <name> Specifies that the domain name be allowed without verifying with the URL 
filter server. 


Default Values 


By default, no exclusive domains are configured. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Domain matching is based on an exact match between the HTTP header and entries in the ip urlfilter 
exclusive-domain command. In order to exactly match requests destined for a domain, entries should list 
all possible variations of the domain that would appear in the Host field of an HTTP header. Refer to the 
Usage Examples section of this command for more detailed information. 


Usage Examples 


The following example will always allow access to www.adtran.com and adtran.com without first having 
to verify the domain with the URL filter server: 


(config)#ip urlfilter exclusive-domain permit www.adtran.com 
(config)#ip urlfilter exclusive-domain permit adtran.com 
The following example will always block access to www.localnews.com without first having to verify the 


domain with the URL filter server: 


(config)#ip urlfilter exclusive-domain deny www.localnews.com 
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ip urlfilter max-request <va/ue> 
Use the ip urlfilter max-request command to set the maximum number of outstanding URL lookup 


requests that can be sent to a URL filter server without a response. Use the no form of this command to set 
the value back to its default setting. 


Syntax Description 





<value> The maximum number of outstanding URL lookup requests. Valid range 
is 1 to 500 requests. 


Default Values 





By default, the number of outstanding requests is 500. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





After the maximum number of URL lookup requests is reached, the no ip urlfilter allowmode setting will 
be used to allow or block all following requests until enough URL lookup responses have been received 
from the URL filter server. 


Usage Examples 





The following example sets the maximum number of URL lookup requests to 250: 


(config)#ip urlfilter max-request 250 
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ip urlfilter max-response <va/ue> 
Use the ip urlfilter max-response command to set the maximum number of responses allowed to buffer 


before receiving an allow or block status from the URL filter server. Use the no form of this command to 
set the value back to its default setting. 


Syntax Description 





<value> Specifies the maximum number of responses allowed to buffer. Valid range 
is 1 to 100 responses. 


Default Values 





By default, the value of buffered responses is 100. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





When a URL request comes through the unit and URL filtering is enabled, a lookup request is sent to the 
URL filter server and the HTTP request is forwarded to the HTTP server at the same time. If the HTTP 
server responds before the URL filter server, the response must be buffered until the URL filter server 
responds with allow or block. Once the maximum number of buffered HTTP responses is reached, all 
following HTTP responses are dropped until some of the existing buffered responses are released. 
Buffered responses are released when the URL filter server sends a response, or when the firewall 
association times out. 


Usage Examples 





The following example sets the maximum number of buffered responses to50: 


(config)#ip urlfilter max-response 50 
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ip urlfilter server </p address> 


Use the ip urlfilter server command to identify a URL filter server by IP address and port number. Use 
the no form of this command to remove the server from use. Variations of this command include: 


ip urlfilter server <p address> 
ip urlfilter server <ijp address> port <number> 
ip urlfilter server <p address> timeout <value> 


Syntax Description 





<ijp address> Specifies the server IP address. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 

port <number> Specifies the server TCP port number that will receive requests. 

timeout <value> Specifies the number of seconds to wait for a response from the URL 


filtering server before determining that it is out of service. Range is 1 to 
300 seconds. 


Default Values 





By default, there are no URL filtering servers configured. When configuring a URL filtering server, the port 
default is 15,868, and the timeout default is 5 seconds. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 


The following example identifies a URL filtering server at IP address 10.1.1.1 that listens for URL filtering 
requests on port 15,868 (default) and waits for a response for 10 seconds before determining that the 
filtering server is down: 


(config)#ip urlfilter server 10.1.1.1 timeout 10 
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ip urlfilter top-website 


Use the ip urlfilter top-website command to enable reporting of the websites most frequently requested 
on the system. Use the no form of the command to disable top websites reporting. 





‘ome Enabling this feature may cause a performance degradation in Web browsing. 





Syntax Description 





There are no subcommands. 


Default Values 


By default, top websites reporting is disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables top websites reporting: 


(config)#ip urlfilter top-website 
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ip vrf <name> route-distinguisher <number> 


Use the ip vrf route-distinguisher command to create a nondefault VRF instance and assign it a route 
distinguisher. Use the no ip vrf command to remove all VRF instances configured on the system. Use the 
no ip vrf route-distinguisher command to destroy the VRF instance and any commands configured on the 
VRF. 


Syntax Description 





<name> Specifies the name of the VRF instance. Valid range is up to 79 
alphanumeric characters. 

<number> Assigns a route-distinguisher to the VRF. This number can be represented 
by either ASN:nn or IP-address:nn. ASN:nn consists of a 16-bit AS number 
(ASN) and a 32-bit arbitrary number (nn). IP-address:nn consists of an IP 
address and a 16-bit arbitrary number (nn). A route-distinguisher of all zeros 
is reserved for the default VRF. 


Default Values 





No default values necessary for this command. 


Command History 


Release 16.1 Command was introduced. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 


Once a nondefault VRF is created, it must be assigned to the appropriate interfaces. Use the jp vrf 
forwarding <name> on page 838 to assign interfaces to the VRF. By default, interfaces are assigned to the 
default VRF. An interface can only be assigned to one VRF, but multiple interfaces can be assigned to the 
same VRF. 


Usage Examples 





The following example creates the VRF Red and assigns the route distinguisher 2:2: 


(config)#ip vrf RED route-distinguisher 2:2 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VRF instance. Use the no form of 
this command to remove the interface from the named VRF instance and assign it to the unnamed default 
VRF. 





settings on that interface. 


Keep in mind that changing an interface’s VRF association will clear all IP-related 
UT 





Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF that is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 


VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF, but multiple interfaces can be assigned to the same VRFF. 


An interface will only forward IP traffic that matches its associated VRF. 


Usage Examples 





The following example assigns the eth 0/1 interface to the VRF instance named RED: 


(config)#interface eth 0/1 
(config-eth 0/1)#ip vrf forwarding RED 
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isdn-group <number> 
Use the isdn-group command to enter the ISDN Group Configuration mode command set. Use the no 


form of this command to disable this feature. Refer to the section ISDN Group Configuration Command 
Set on page 2240 for more information on the commands available for each group. 


Syntax Description 





<number> Specifies the ISDN group. Range is 1 to 255. 


Default Values 





No default values necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





An ISDN group allows the user to specify the maximum and minimum number of B-channels that can be 
used for a specific type of call. It is a logical group of B-channels from one or more ISDN interfaces. The 
interfaces can be of different types (e.g., PRI and BRI). An ISDN interface can be a member of multiple 
ISDN groups that makes it possible to share its B-channels between different types of calls. 


Usage Examples 





The following example uses the isdn-group command to enter the ISDN Group Configuration mode for 
ISDN group 1: 


(config)#isdn-group 1 
(config-isdn-group 1)# 
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isdn-number-template 


Use the isdn-number-template command to create an entry in the ISDN number type template that is used 
when encoding the called party and calling party information elements for inbound and outbound ISDN 
calls. Use the no form of this command to delete the configured entry. Variations of this command include 
the following: 


isdn-number-template <femplate id> prefix <number> abbreviated <pattern> 
isdn-number-template <femplate id> prefix <number> international <pattern> 
isdn-number-template <template id> prefix <number> national <pattern> 
isdn-number-template <template id> prefix <number> network-specific <pattern> 
isdn-number-template <femplate id> prefix <number> subscriber <pattern> 
isdn-number-template <template id> prefix <number> unknown <pattern> 


Syntax Description 





<template id> Specifies a numeric identifier for the template entry. Valid range is 1 to 255. 


prefix <number> Specifies the expected prefix for the call type. Prefixes can be left blank 
(using double quotation marks “”), or consist of unlimited length strings of Os 
and 1s. For example, for international calls made from within the United 
States, a prefix of 011 is expected. 


abbreviated Specifies using Abbreviated (bits 110) in the Type of Number octet. 
Abbreviated is used mainly in private ISDN network applications, and the 
implementation is network dependant. 


international Specifies using International (bits 001) in the Type of Number octet. 
International is used for calls destined outside the national calling area. 
International calls have the international direct dialing prefix removed. For 
example, consider an international call of 011-N$, where the international 
direct dialing prefix is 011 and the N$ represents the digits necessary for 
routing the call at the destination. When the Called Party IE is created for 
this call, the prefix is stripped and the N$ digits are placed in the Number 
Digits field. 


national Specifies using National (bits 010) in the Type of Number octet. National is 
used for calls destined for inside the national calling area (i.e., does not 
cross into an international LATA). National calls have the direct dialing prefix 
removed. For example, consider a national call with a direct dialing prefix of 
1 and NXX-NXX-XXXX to represent the ten-digit number necessary for 
routing the call. When the Called Party IE is created for this call, the prefix 
(1) is stripped and the NXX-NXX-XXXxX digits are placed in the Number 
Digits field. 
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network-specific 


subscriber 


unknown 


<pattern> 


Default Values 


Specifies using Network-Specific (bits 011) in the Type of Number octet. 
Network-Specific is used for calls that require special access to a private 
network which requires the use of a prefix that should be stripped once 
access to the network has been gained. Network-Specific calls have the 
dialing prefix removed. For example, a call to a private network with the 700 
consists of 700-N$, where 700 is the dialing prefix and N$ represents the 
digits necessary for routing the call at the destination. When the Called 
Party IE is created for this call, the prefix is stripped and the N$ is placed in 
the Number Digits field. 


Specifies using Subscriber (bits 100) in the Type of Number octet. 
Subscriber is used for local calls (not long-distance). Subscriber calls, by 
default, have the area code removed. For example, a subscriber call to 
916-555-1212 would have the prefix 916 stripped and 555-1212 in the 
Number Digits field. For areas with mandatory ten-digit dialing, a blank 
prefix should be entered to ensure that all ten digits are passed to the 
Number Digits field. 


Specifies using Unknown (bits 000) in the Type of Number octet. Unknown 
is used when the number type is not known. Unknown numbers are 
assumed to have no prefix, and the entire dialed number is presented in the 
Number Digits field. 


Specifies a pattern for this template. 
Valid Characters: 
0-9 Match exact digit only. 


Xx Match any single digit 0 through 9. 
N Match any single digit 2 through 9. 
M Match any single digit 1 through 8. 
[] Match any digit in the list. For example: [1,4,6] matches 1, 4, and 6 


only. [1-3, 5] matches 1, 2, 3, and 5. 





The following default number template entry exists for domestic emergency calls (911): 


isdn-number-template 0 prefix “ ” subscriber 911 


Functional Notes 





The following is an example number type template: 


Prefix 


“ ” 
“O11” 


Pattern Type 

NXX-XXXX Subscriber 

NXX-NXX-XXXX National 

X$ International 

N11 Subscriber (i.e., 411, 911, etc.) 





60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 841 


Command Reference Guide Global Configuration Mode Command Set 





Usage Examples 





The following example creates a number template (labeled 1) and prefix (labeled 1) for national calls: 


(config)#isdn-number-template 1 prefix 1 national Nxx-Nxx-xxxx 
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line 


Use the line command to enter the line configuration for the specified console, Telnet, or secure shell 
(SSH) session. Refer to the sections Line (Console) Interface Config Command Set on page 1006, Line 
(Telnet) Interface Config Command Set on page 1034, and Line (SSH) Interface Config Command Set on 
page 1022 for information on the subcommands. Variations of this command include: 


line console </ine number> 

line ssh </ine number> 

line ssh </ine number> <ending number> 
line telnet </ine number> 

line telnet </ine number> <ending number> 


Syntax Description 





console Enters the configuration mode for the DB-9 (female) CONSOLE port located on 
the rear panel of the unit. Refer to the section Line (Console) Interface Config 
Command Set on page 1006 for information on the subcommands found in 
that command set. 


telnet Enters the configuration mode for Telnet session(s), allowing you to configure 
for remote access. Refer to the section Line (Telnet) Interface Config 
Command Set on page 1034 for information on the subcommands found in 
that command set. 


ssh Enters the configuration mode for SSH. Refer to the section Line (SSH) 
Interface Config Command Set on page 1022 for information on the 
subcommands found in that command set. 


<line number> Specifies the starting session to configure for remote access. Valid range for 
console is 0. Valid range for Telnet and SSH is 0 to 4. 


If configuring a single Telnet or SSH session, enter a single line number. 


<ending number> Optional. Specifies the last Telnet or SSH session to configure for remote 
access. Valid range is 0 to 4. 


For example, to configure all available Telnet sessions, enter line telnet 
04. 


Default Values 





By default, there are no configured Telnet or SSH sessions. By default, the AOS line console parameters 
are configured as follows: 


Data Rate: 9600 
Data bits: 8 
Stop bits: 1 
Parity Bits: 0 

No flow control 
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Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command was expanded to include SSH. 


Usage Examples 





The following example begins the configuration for the CONSOLE port located on the rear of the unit: 
(config)#line console 0 

(config-con0)# 

The following example begins the configuration for all available Telnet sessions: 

(config)#line telnet 0 4 

(config-telnet0-4)# 

The following example begins the configuration for all available SSH sessions: 


(config)#line ssh 0 4 
(config-sshO-4)# 
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lidp 


Use the Ildp command to configure global settings that control the way Link-Layer Discovery Protocol 
(LLDP) functions. Use the no form of this command to return to the default settings. Variations of this 
command include: 


lidp med-fast-start-interval <value> 
lidp minimum-transmit-interval <value> 
lidp reinitialization-delay <value> 

lidp transmit-interval <va/ue> 

IIdp ttl-multiplier <va/ue> 


Syntax Description 





med-fast-start-interval Specifies the fast start transmit interval (in seconds) that LLDP Media 
Endpoint Discovery (LLD)P-MED time length values (TLVs) are sent once 
every second, allowing rapid automatic configuration of LLDP-MED capable 
endpoints at startup. Range is 1 to 10 seconds. Default value is 4 seconds. 


minimum-transmit-interval Defines the minimum amount of time between transmission of LLDP frames 
in seconds. Range is 1 to 8192 seconds. 

reinitialization-delay Defines the minimum amount of time to delay after LLDP is enabled on a 
port before allowing transmission of additional LLDP frames on that port 
in seconds. Range is 1 to 10 seconds. 


transmit-interval Defines the delay between LLDP frame transmission attempts during 
normal operation in seconds. Range is 5 to 32,768 seconds. 

ttl-multiplier Defines the time-to-live (TTL) multiplier to be applied to the transmit interval 
to compute the time-to-live for data sent in an LLDP frame. Range is 2 to 
10. 

<value> Specifies the interval, delay, or multiplier. 


Default Values 





By default, med-fast-start-interval is 4 seconds; minimum-transmit-interval is 2 seconds; 
reinitialization-delay is 2 seconds; transmit-interval is 30 seconds; and ttl-multiplier is 4. 


Command History 





Release 8.1 Command was introduced. 
Release 17.2 Command was expanded to include med-fast-start-interval. 


Functional Notes 





Once a device receives data from a neighboring device in an LLDP frame, it will retain that data for a 
limited amount of time. This amount of time is called time-to-live, and it is part of the data in the LLDP 
frame. The time-to-live transmitted in the LLDP frame is equal to the transmit interval multiplied by the TTL 
multiplier. 
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Usage Examples 





The following example sets the LLDP minimum transmit interval to 10 seconds: 


(config)#lldp minimum-transmit-interval 10 


The following example sets the LLDP reinitialization delay to 5 seconds: 


(config)#lldp reinitialization-delay 5 


The following example sets the LLDP transmit interval to 15 seconds: 

(config)#lldp transmit-interval 15 

The following example sets the LLDP transmit interval to 15 seconds and the TTL multiplier to 2 for all 
LLDP frames transmitted from the unit. The resulting TTL is 30 seconds; 


(config)#lldp transmit-interval 15 
(config)#lldp ttl-multiplier 2 
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logging console 


Use the logging console command to enable AOS to log events to all consoles. Use the no form of this 
command to disable console event logging. 


Syntax Description 


No subcommanads. 


Default Values 





By default, logging console is disabled. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example enables AOS to log events to all consoles: 


(config)#logging console 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


847 


Command Reference Guide Global Configuration Mode Command Set 





logging email address-list <email address> ; <email address> 


Use the logging email address-list command to specify one or more email addresses that will receive 
notification when an event matching the criteria configured using the logging email priority-level 
command is logged by AOS. Refer to logging email priority-level on page 852 for more information. Use 
the no form of this command to remove a listed address. 


Syntax Description 





<email address> Specifies the complete email address to use when sending logged 
messages. (This field allows up to 256 characters.) 


Enter as many email addresses as desired, placing a semi-colon (;) 
between addresses. 


Default Values 





By default, there are no configured logging email addresses. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example specifies three email addresses to use when sending logged messages: 


(config)#logging email address-list 
admin@adtranemail.com;ntwk@adtranemail.com;support@adtranemail.com 
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logging email exception-report address-list <email address> ; 
<email address> 


Use the logging email exception-report address-list command to specify one or more email addresses to 


receive an exception report for use in troubleshooting. Use the no form of this command to remove a listed 
address. 


Syntax Description 





<email address> Specifies the complete email address to use when sending exception 
reports. (This field allows up to 256 characters.) 


Enter as many email addresses as desired, placing a semi-colon (;) 
between addresses. 


Default Values 





By default, there are no configured logging email addresses. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 


When AOS experiences an exception, it will generate a file with detailed information that ADTRAN’s 
Technical Support can use to diagnose the problem. This command allows the unit to email the exception 
report to a list of addresses upon rebooting after the exception. This command should be used in 
conjunction with the other logging email commands. Refer to logging email address-list <email address> ; 
<email address> on page 848, logging email on on page 851, logging email priority-level on page 852, 
logging email sender on page 854, and logging email source-interface <interface> on page 855 for more 
information. 


Usage Examples 





The following example will enable exception report forwarding to john.doe@company.com using the 
1.1.1.1 SMTP email server: 


(config)#logging email on 
(config)#logging email receiver-ip 1.1.1.1 
(config)#logging email exception-report address-list john.doe@company.com 
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logging email ip urlfilter top-websites 


Use the logging email ip urlfilter top-websites command to specify the parameters for receiving top 
websites reports via email. Use the no form of this command to disable top websites reporting email 
notification. Variations of this command include: 


logging email ip urlfilter top-websites address-list <email addresses> 
logging email ip urlfilter top-websites send-time <HH:MM:SS> 


Syntax Description 





address-list Specifies the configuration of a list of email addresses to receive top 
websites reports. 

send-time Specifies the configuration of when email reports for top websites will be 
sent. 

<email addresses> Specifies the complete email address to use when sending top websites 


reports. (This field allows up to 256 characters.) 


Enter as many email addresses as desired, placing a semi-colon (;) 
between addresses. 


<HH:MM:SS> Specifies the hours, minutes, and seconds in a 24-hour format for sending 
top websites reports by email. 


Default Values 





By default, there are no configured logging email addresses or times for top websites reporting. 


Once an address list is specified and top websites email reports are enabled, the default send-time for the 
reports is 12:00 a.m. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 


The following example configures top websites reports to be emailed to sys.admin@adtran.com at 
5:30 a.m.: 


(config)#logging email ip urlfilter top-websites address-list sys.admin@adtran.com 
(config)#logging email ip urlfilter top-websites send-time 05:30:00 
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logging email on 


Use the logging email on command to enable the AOS email event notification feature. Use the logging 
email address-list command to specify email address(es) that will receive notification when an event 
matching the criteria configured using the logging email priority-level command is logged by AOS. Refer 
to logging email priority-level on page 852 for more information. Use the no form of this command to 
disable the email notification feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, email event notification is disabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 


The domain name is appended to the sender name when sending event notifications. Refer to the 
command jp domain-name <domain name> on page 697 for related information. 


Usage Examples 





The following example enables the AOS email event notification feature: 


(config)#logging email on 
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logging email priority-level 


Use the logging email priority-level command to set the threshold for events sent to the addresses 
specified using the logging email address-list command. All events with the specified priority or higher 
will be sent to all addresses in the list. The logging email on command must be enabled. Refer to logging 
email address-list <email address> ; <email address> on page 848 and logging email on on page 851 for 
related information. Use the no form of this command to return to the default priority. Variations of this 
command include: 


logging email priority-level error 
logging email priority-level fatal 
logging email priority-level info 
logging email priority-level notice 
logging email priority-level warning 


Syntax Description 





Sets the minimum priority threshold for sending messages to email addresses specified using the logging 
email address-list command. The following priorities are available (ranking from lowest to highest): 


error Logs events with error and fatal priorities. 

fatal Logs only events with a fatal priority. 

info Logs all events. 

notice Logs events with notice, warning, error, and fatal priorities. 
warning Logs events with warning, error, and fatal priorities. 


Default Values 





By default, the logging email priority-level is set to warning. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example sends all messages with warning level or greater to the email addresses listed 
using the logging email address-list command: 


(config)#logging email priority-level warning 
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logging email receiver-ip <ip address | hostname> 


Use the logging email receiver-ip command to specify the IP address or host name of the email server to 
use when sending email event notification. Use the no form of this command to remove a configured 
address. Variations of this command include: 


logging email receiver-ip <jp address | hostname> 

logging email receiver-ip <ip address | hostname> port <number> 

logging email receiver-ip <ip address | hostname> port <number> auth-username <username> 
auth-password <password> 


Syntax Description 





<ip address | hostname> Specifies the IP address or host name of the email server to use when 
sending logged messages. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


auth-username <username> Optional. Specifies the user name to use if your email server requires 


authentication. 

auth-password <password> Optional. Specifies the password to use if your email server requires 
authentication. 

port <number> Specifies the port number of the remote email server. Range is 1 to 65,535. 


Default Values 


By default, there are no configured email server addresses. 


Command History 





Release 1.1 Command was introduced. 

Release 15.1 Command was expanded to include the auth-username and auth-password 
options. 

Release 16.1 Command was expanded to include the port number specification option. 


Usage Examples 





The following example specifies an email server (with IP address 172.5.67.99) to use when sending 
logged messages: 


(config)#logging email receiver-ip 172.5.67.99 
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logging email sender 
Use the logging email sender command to specify the sender in an outgoing email message. This name 


will appear in the From field of the receiver’s inbox. Use the no form of this command to disable this 
feature. 


Syntax Description 





No subcommanas. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example sets a sender for outgoing messages: 


(config)#logging email sender myUnit@myNetwork.com 
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logging email source-interface </nterface> 


Use the logging email source-interface command to use the specified interface’s IP address as the source 
IP address for email messages transmitted by the unit. Use the no form of this command if you do not wish 
to override the normal source IP address. 


Syntax Description 





<interface> Specifies the interface to be used as the source IP address for email 

messages. Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1tap 1/1.1. Type logging email source-interface ? for a complete list 
of valid interfaces. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 14.1 Command expanded to include tunnel interface. 
Release 17.1 Command expanded to include ATM interface. 


Functional Notes 





This command allows you to override the sender field in the IP packet. If you have multiple interfaces in 
your unit, changing the sender tells the receiver where to send replies. This functionality can also be used 
to allow packets to get through firewalls that would normally block the flow. 


Usage Examples 


The following example configures the unit to use the loopback 1 interface as the source IP for email 
messages: 


(config)#logging email source-interface loopback 1 
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logging facility <type> 


Use the logging facility command to specify a syslog facility type for the syslog server. Error messages 
meeting specified criteria are sent to the syslog server. For this service to be active, you must enable log 
forwarding. Refer to logging forwarding on on page 857 for related information. Facility types are 
described under Functional Notes below. Use the no form of this command to return to the default setting. 


Syntax Description 





<type> Specifies the syslog facility type (refer to Functional Notes below). The 
following is a list of all the valid facility types: 
auth Authorization system 
cron Cron facility 
daemon System daemon 
kern Kernel 


local0 -local7 Reserved for locally defined messages 





Ipr Line printer system 
mail Mail system 
news USENET news 
sys9 - sys14 System use 
syslog System log 
user User process 
uucp UNIX-to-UNIX copy system 

Default Values 

The default value is local7. 

Command History 

Release 3.1 Command was introduced. 


Usage Examples 
The following example configures the syslog facility to the cron facility type: 


(config)#logging facility cron 
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logging forwarding on 


Use the logging forwarding on command to enable the AOS syslog event feature. Use the logging 
forwarding priority-level command to specify the event matching the criteria used by AOS to determine 
whether a message should be forwarded to the syslog server. Refer to logging forwarding priority-level on 
page 58 for related information. Use the no form of this command to disable the syslog event feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, syslog event notification is disabled. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables the AOS syslog event feature: 


(config)#logging forwarding on 
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logging forwarding priority-level 


Use the logging forwarding priority-level command to set the threshold for events sent to the configured 
syslog server specified using the logging forwarding receiver-ip command. All events with the specified 
priority or higher will be sent to all configured syslog servers. Refer to logging email priority-level on page 
$52 for more information. Use the no form of this command to return to the default priority. Variations of 
this command include: 


logging forwarding priority-level error 
logging forwarding priority-level fatal 
logging forwarding priority-level info 
logging forwarding priority-level notice 
logging forwarding priority-level smdr 
logging forwarding priority-level warning 


Syntax Description 





Sets the minimum priority threshold for sending messages to the syslog server specified using the logging 
forwarding receiver-ip command. The following priorities are available (ranking from lowest to highest): 


error Logs events with error and fatal priorities. 

fatal Logs only events with a fatal priority. 

info Logs all events. 

notice Logs events with notice, warning, error, and fatal priorities. 
smdr Logs events with smdr priorities. 

warning Logs events with warning, error, and fatal priorities. 


Default Values 





By default, the logging forwarding priority-level is set to warning. 


Command History 





Release 1.1 Command was introduced. 
Release 12.1 Command was expanded to include smdr. 


Usage Examples 





The following example sends all messages with warning level or greater to the syslog server listed using 
the logging forwarding receiver-ip command: 


(config)#logging forwarding priority-level warning 
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logging forwarding receiver-ip </p address> 


Use the logging forwarding receiver-ip command to specify the IP address of the syslog server to use 
when logging events that match the criteria configured using the logging forwarding priority-level 
command. Enter multiple logging forwarding receiver-ip commands to develop a list of syslog servers to 
use. Refer to logging forwarding priority-level on page 858 for related information. Use the no form of this 
command to remove a configured address. 


Syntax Description 


<ijpp address> Specifies the IP address of the syslog server to use when logging 
messages. IP addresses should be expressed in dotted decimal notation 
(for example, 10.10.10.1). 


Default Values 





By default, there are no configured syslog server addresses. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example specifies a syslog server (with address 172.5.67.99) to use when logging 
messages: 


(config)#logging forwarding receiver-ip 172.5.67.99 
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logging forwarding source-interface <interface> 
Use the logging forwarding source-interface command to configure the specified interface’s IP address 


as the source IP address for the syslog server to use when logging events. Use the no form of this command 
if you do not wish to override the normal source IP address. 


Syntax Description 





<interface> Specifies the interface to be used as the source IP address for event log 
traffic. Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type logging forwarding source-interface? for a 
complete list of valid interfaces. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 14.1 Command expanded to include tunnel interface. 
Release 17.1 Command expanded to include ATM interface. 


Functional Notes 





This command allows you to override the sender field in the IP packet. If you have multiple interfaces in 
your unit, changing the sender tells the receiver where to send replies. This functionality can also be used 
to allow packets to get through firewalls that would normally block the flow. 


Usage Examples 


Configures the unit to use the loopback 1 interface as the source IP for event log traffic: 


(config)#logging forwarding source-interface loopback 1 
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mac access-list standard <name> 


Use the mac access-list standard command to create an empty MAC access control list (ACL) and enter 
the Standard MAC Access List command set. Use the no form of this command to delete a MAC ACL and 
all the entries contained in it. The mac access-list standard command is currently for use only with 
wireless access points (APs). The following lists the complete syntax for the mac access-list standard 
command: 


(config)#mac access-list standard <name> 
(config-std-mac-acl)#<action> <source> 


Syntax Description 





<name> Identifies the configured MAC ACL using an alphanumeric descriptor. All MAC 
ACL descriptors are case sensitive. 

<action> permit Permits entry to the access point for specified wireless station MACs. 

<source> Specifies the source used for packet matching. Sources are expressed by 


using host <mac address> to specify a single host address. MAC 
addresses should be expressed in the following format: xx:xx:xx:XX:Xx:xXx 
(for example, 00:A0:C8:00:00:01). 


Default Values 





By default, all AOS security features are disabled and there are no configured MAC ACLs. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





MAC ACLs are used as packet selectors by the wireless features; by themselves, the MAC ACLs do 
nothing. A MAC ACL entry contains two parts: an action (permit) and a MAC address. A permit ACL is 
used to match packets (meeting the specified pattern) to enter the AP. AOS provides only standard MAC 
ACLs. Standard ACLs match based on the source of the packet. 


Usage Examples 





The following example creates a MAC ACL named Trusted to permit all packets entry to the AP with MAC 
address 00:A0:C8:00:00:01. 


(config)#mac access-list standard Trusted 
(config-std-mac-acl)#permit 00:A0:C8:00:00:01 


For more information about configuring MAC ACLs, refer to the MAC ACL Quick Configuration Guide on 
the AOS Documentation CD or online at www.adtran.com. 
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mac address-table aging-time <va/ue> 
Use the mac address-table aging-time command to set the length of time dynamic MAC addresses 


remain in the switch or bridge forwarding table. Use the no form of this command to reset this length to the 
default setting. 


Syntax Description 





<value> Sets an aging time in seconds. Range is 10 to 1,000,000 seconds. Set to 0 
to disable the timeout. 


Default Values 





By default, the aging time is 300 seconds. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the aging time to 10 minutes: 


(config)#mac address-table aging-time 600 
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mac address-table static <mac address> bridge <bridge id> interface 
<interface> 


Use the mac address-table static bridge interface command to insert a static MAC address entry into the 
bridge forwarding table. Use the no form of this command to remove an entry from the table. 


Syntax Description 





<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in the following format xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01). 

<bridge id> Specifies a valid bridge interface ID. 

<interface> Specifies an interface in the format <interface type [slot/port | 


slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type mac address-table static bridge interface ? for a 
complete list of valid interfaces. 


Default Values 





By default, there are no static entries configured. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example adds a static MAC address to PPP 1 on bridge 4: 
(config)#mac address-table static 00:A0:C8:00:00:01 bridge 4 interface ppp 1 
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mac address-table static <mac address> vlan <vian id> interface 
<interface> 


Use the mac address-table static vlan interface command to insert a static MAC address entry into the 
MAC address table. Use the no form of this command to remove an entry from the table. 


Syntax Description 





<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in the following format xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01). 

<vian id> Specifies a valid VLAN interface ID. Range is 1 to 4094. 

<interface> Specifies an interface in the format <interface type [slot/port | 


slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1tap 1/1.1. Type mac address-table static <mac address> vlan <vian 
id> interface ? for a complete list of valid interfaces. 


Default Values 





By default, there are no static entries configured. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example adds a static MAC address to Ethernet 0/1 on VLAN 4: 
(config)#mac address-table static 00:A0:C8:00:00:01 00:12:79:00:00:01 vian 4 interface ethernet 0/1 
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mail-client <agent name> 
Use the mail-client command to create a general purpose mail agent and enter the Mail Agent 


Configuration mode. Use the no form of this command to delete the mail agent. Refer to the Mail Agent 
Configuration Command Set on page 2562 for more information. 


Syntax Description 





<agent name> Specifies the name of the created mail agent. 


Default Values 





By default, no mail agents exist. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example creates a mail agent called myagent and enters the Mail Agent Configuration 
mode: 


(config)#mail-client myagent 
(config-mail-client-myagent)# 
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modem countrycode <value> 


Use the modem countrycode command to specify the modem configuration for the applicable country. 


Syntax Description 





<value> Specifies the modem configuration for the applicable country. Refer to 
Functional Notes for countrycode values. 


Default Values 





By default, modem countrycode is set to USA/Canada. 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 





The following country codes are available for modem configuration: 


Algeria - Algeria Modem configuration 
Argentina - Argentina Modem configuration 
Australia - Australia Modem configuration 
Austria - Austria Modem configuration 
Bahrain - Bahrain Modem configuration 
Belgium - Belgium Modem configuration 
Bolivia - Bolivia Modem configuration 
Brazil - Brazil Modem configuration 

Chile - Chile Modem configuration 
China - China Modem configuration 
Colombia - Colombia Modem configuration 
Costa_Rica - Costa_Rica Modem configuration 
Cyprus - Cyprus Modem configuration 
Czechoslovakia - Czechoslovakia Modem configuration 
Denmark - Denmark Modem configuration 
Ecuador - Ecuador Modem configuration 
Egypt - Egypt Modem configuration 
Finland - Finland Modem configuration 
France - France Modem configuration 
Germany - Germany Modem configuration 
Greece - Greece Modem configuration 
Guatemala - Guatemala Modem configuration 
Hong_Kong - Hong_Kong Modem configuration 
Hungary - Hungary Modem configuration 
India - India Modem configuration 
Indonesia - Indonesia Modem configuration 
Ireland - Ireland Modem configuration 
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Israel 

Italy 

Japan 
Jordan 
Korea 
Kuwait 
Lebanon 
Malaysia 
Mexico 
Morocco 
Netherlands 
New_Zealand 
Norway 
Oman 
Panama 
Peru 
Philippines 
Poland 
Portugal 
Puerto_ Rico 
Qatar 
Russia 
Saudi_ Arabia 
Singapore 
Slovakia 
Slovenia 
South_Africa 
Spain 
Sweden 
Switzerland 
Syria 
Taiwan 
Thailand 
Trinidad 
Tunisia 
Turkey 

UAE 

UK 
USA/Canada 
Uruguay 
Venezuela 
Yemen 


- Israel Modem configuration 

- Italy Modem configuration 

- Japan Modem configuration 

- Jordan Modem configuration 

- Korea Modem configuration 

- Kuwait Modem configuration 

- Lebanon Modem configuration 

- Malaysia Modem configuration 

- Mexico Modem configuration 

- Morocco Modem configuration 

- Netherlands Modem configuration 
- New_Zealand Modem configuration 
- Norway Modem configuration 

- Oman Modem configuration 

- Panama Modem configuration 

- Peru Modem configuration 

- Philippines Modem configuration 

- Poland Modem configuration 

- Portugal Modem configuration 

- Puerto_Rico Modem configuration 
- Qatar Modem configuration 

- Russia Modem configuration 

- Saudi_Arabia Modem configuration 
- Singapore Modem configuration 

- Slovakia Modem configuration 

- Slovenia Modem configuration 

- South_Africa Modem configuration 
- Spain Modem configuration 

- Sweden Modem configuration 

- Switzerland Modem configuration 
- Syria Modem configuration 

- Taiwan Modem configuration 

- Thailand Modem configuration 

- Trinidad Modem configuration 

- Tunisia Modem configuration 

- Turkey Modem configuration 

- UAE Modem configuration 

- UK Modem configuration 

- USA/Canada Modem configuration 
- Uruguay Modem configuration 

- Venezuela Modem configuration 

- Yemen Modem configuration 
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Usage Examples 





The following example specifies to use the USA/Canada modem configuration. 


(config)#modem countrycode USA/Canada 
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monitor session <number> 


Use the monitor session command to configure a port mirroring session. Use the no form of this command 
to remove a port mirroring session or to remove a source or destination interface. Variations of this 
command include: 


monitor session <number> destination interface <interface> no-isolate 
monitor session <number> destination interface <interface> no-tag 

monitor session <number> destination interface <interface> no-isolate no-tag 
monitor session <number> destination interface <interface> no-tag no-isolate 
monitor session <number> source interface <interface> 

monitor session <number> source interface <interface> both 

monitor session <number> source interface <interface> rx 

monitor session <number> source interface <interface> tx 


Syntax Description 


<number> Selects the monitor session number (only one is allowed). 
destination Selects the destination interface. 

source Selects the source interface(s). A range of interfaces is allowed. 
interface <interface> Specifies an interface in the format <interface type [slot/port | 


slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
dotitap 1/1.1. Type monitor session <number> [destination | source] 
interface ? for a complete list of valid interfaces. 


both Optional. Monitors both transmitted and received traffic. 

rx Optional. Monitors received traffic only. 

x Optional. Monitors transmitted traffic only. 

no-tag Removes the VLAN tag that is normally appended to mirrored traffic. 
no-isolate Allows native traffic to continue to pass on the port set as the mirroring 


session destination. 


Default Values 


By default, traffic is monitored in both directions. Also by default, the destination port is isolated from 
passing native traffic. 


Command History 





Release 5.1 Command was introduced. 
Release 13.1 Command was expanded to include no-isolate option. 
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Usage Examples 





The following example sets Ethernet 0/1 as the destination interface and adds Ethernet 0/2, Ethernet 0/3, 
and Ethernet 0/5 as source ports: 


(config)#monitor session 1 destination interface eth 0/1 
(config)#monitor session 1 source interface eth 0/2-3, eth 0/5 
The following example sets Gigabit-Switchport 0/1 as the destination interface and removes the VLAN tag: 


(config)#monitor session 1 destination interface gigabit-switchport 0/1 no-tag 


The following example sets Switchport 0/1 as the source interface and monitors both transmitted and 
received traffic: 


(config)#monitor session 1 source interface switchport 0/1 both 
The following example sets Gigabit-Switchport 0/1, and Switchport 0/2 through Switchport 0/12 as source 
interfaces and monitors only received traffic: 


(config)#monitor session 1 source interface gigabit 0/1, eth 0/2-12 rx 
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ntp master 


Use the ntp master command to globally set the system as an authoritative Network Time Protocol (NTP) 
server. 


ntp master 
ntp master <value> 


Syntax Description 





<value> Optional. Specify the stratum number. The valid range is 1 to 15. We 
recommend not setting the stratum higher than 2. 


Default Values 





By default, the NTP server is not enabled. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example enables the master NTP server: 


(config)#ntp master 
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ntp max-associations <value> 
Use the ntp max-associations command to set the maximum number of simultaneous Network Time 


Protocol (NTP) associations allowed with other NTP clients or peers Use the no form of this command to 
return to the default setting. 


Syntax Description 





<value> Specify the maximum number of associations. The valid range is 
1 to 4294967295. 


Default Values 





By default, the maximum associations is 100. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example specifies the maximum associations of 250: 


(config)#ntp max-associations 250 
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ntp peer <name> 


Use the ntp peer command to specify a peer association with another Network Time Protocol (NTP) 
system. Any combination of peer associations can be simultaneously configured. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ntp peer <name> 
ntp peer <name> [normal-sync | prefer | source <interface> | version] 


Syntax Description 





<name> Specify the host name or IP address of the NTP server. 
normal-sync Disables the rapid synchronization feature. 
prefer Specifies the preference of using the specified server above all other 


configured NTP servers. 


source <interface> Specifies the source interface (physical or virtual) to use for the peer. 
Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; and for an ATM subinterface, use 
atm 1.1. Enter ntp peer <name> source ? for a list of valid interfaces. 


version Specifies the version number for outgoing NTP packets. 


Default Values 





By default, the ntp peer is not set. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example defines clock1 as the NTP peer server: 


(config)#ntp peer clock1 
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ntp server <name> 


Use the ntp peer command to specify a server association with another NTP system. Any combination of 
peer associations can be simultaneously configured. Use the no form of this command to return to the 
default setting. Variations of this command include: 


ntp server <name> 
ntp server <name> [prefer | source <interface> | version] 


Syntax Description 





<name> Specify the host name or IP address of the NTP server. 


prefer Specifies the preference of using the specified server above all other 
configured NTP servers. 

source <interface> Specifies the source interface (physical or virtual) to use for the server. 
Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; and for an ATM subinterface, use 
atm 1.1. Enter ntp server <name> source ? for a list of valid interfaces. 


version Specifies the version number for outgoing NTP packets. 


Default Values 


By default, the ntp server is not set. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 
The following example defines NTP22 as the preferred NTP server: 


(config)#ntp server NTP22 prefer 
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ntp source </nterface> 


Use the ntp source command to specify the source interface for the NTP packets. Use the no form of this 
command to return to the default setting. 


Syntax Description 


<interface> Specifies the source interface (physical or virtual) to use for the server. 
Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; and for an ATM subinterface, use 
atm 1.1. Enter ntp source ? for a list of valid interfaces. 


Default Values 





By default, the NTP source interface is not set. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example defines NTP source interface as ppp 1: 


(config)#ntp source ppp 1 
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ntp update-rtc 


Use the ntp update-rtc command to specify periodically updating the clock in realtime. Use the no form 
of this command to return to the default setting. 


Syntax Description 


No subcommanas. 


Default Values 
By default, the NTP is disabled. 





Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example set the clock to periodically update the timing: 


(config)#ntp update-rtc 
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portal-list <name> <portall portal2 portal3...> 


Use the portal-list command to create a portal list to associate with a local user name. Use the username 
portal-list command (on page 949) to assign this portal list to an already configured user name. Use the no 
form of this command to remove the portal-list. 





Wor Entering this command with the same name, but a different portal list will overwrite the 


original portal list. 





Syntax Description 





<name> Specifies the name of the portal list (maximum of 80 characters). 
<portal> Specifies the portals assigned to this portal list. The list can contain any 
combination of the portals listed below: 
console Allows the list holder to access the unit via the console. 
ftp Allows the list holder to access the unit via FTP. 
http-admin Allows the list holder to view the configuration and statistics via HTTP. 
ssh Allows the list holder to access the unit via SSH. 
telnet Allows the list holder to access the unit via TELNET. 


Default Values 





By default, no portal lists are defined. 


Command History 





Release 17.1 Command was introduced. 


Functional Notes 





The same portal list can be assigned to multiple user names. Once the list is assigned to the user name, 
that user name can only authenticate the portals in the list. If a list is not assigned to a user name, that user 
name can be used with any portal that is set for local login. 


Usage Examples 





The following example assigns the console, telnet, and ssh portals the portal list engineers: 


(config)#portal-list engineers console telnet ssh 
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port-auth default 


Use the port-auth default command to set all global port-authentication settings to their default states. 


Syntax Description 





No subcommanas. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets all global port-authentication settings to their default states: 


(config)#port-auth default 
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port-auth max-req <number> 
Use the port-auth max-req command to specify the maximum number of identity requests the 


authenticator will transmit before restarting the authentication process. Use the no form of this command 
to return to the default setting. 


Syntax Description 





<number> Specifies the maximum number of authentication requests. 


Default Values 





By default, the maximum number of authentication requests is set at 2. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of authentication requests at 4: 


(config)#port-auth max-req 4 
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port-auth re-authentication 


Use the port-auth re-authentication command to enable re-authentication. Use the no form of this 
command to disable this feature. 


Syntax Description 


No subcommands necessary. 


Default Values 





By default, re-authentication is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables re-authentication: 


(config)#port-auth reauthentication 
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port-auth supplicant 


Use the port-auth supplicant command to enable the port-authentication supplicant mode feature and to 
enter the Port-Authentication Supplicant Configuration mode. Use the no form of this command to remove 
the supplicant mode parameters. Variations of this command include: 


port-auth supplicant 
port-auth supplicant username <username> password <password> 


Syntax Description 





supplicant Specifies that port authentication is in supplicant mode. 
username <username> Specifies the user name used for supplicant authentication. 
password <password> Specifies the password used for supplicant authentication. 


Default Values 





By default, port authentication and port authentication supplicant mode is disabled. 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 





The supplicant user name and password can be stored in the port and set in the session if it exists. This 
allows for the user name and password to be set before the supplicant functionality is enabled. 


Usage Examples 


The following example sets the user name of admin and the password of password for supplicant mode 
authentication on the eth 0/1 interface: 


(config)#interface eth 0/1 
(config-eth-0/1)#port-auth supplicant username admin password password 
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port-auth timeout 


Use the port-auth timeout command to configure various port authentication timers. Use the no form of 
this command to return to the default settings. Variations of this command include: 


port-auth timeout quiet-period <va/ue> 
port-auth timeout re-authperiod <value> 
port-auth timeout tx-period <va/ue> 


Syntax Description 





quiet-period <value> Specifies the amount of time the system will wait before attempting another 
authentication once a failure has occurred. Range is 1 to 65,535 seconds. 

re-authperiod <va/ue> Specifies the amount of time between scheduled re-authentication 
attempts. Range is 1 to 4,294,967,295 seconds. 

tx-period <value> Specifies the amount of time the authenticator will wait between identity 


requests. Range is 1 to 65,535 seconds. 


Default Values 





By default, quiet-period is set to 60 seconds, re-authperiod is set to 3600 seconds (1 hour), and 
tx-period is set to 30 seconds. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 


The following example sets the quiet-period to 10 seconds: 


(config)#port-auth timeout quiet-period 10 
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port-channel load-balance 


Use the port-channel load-balance command to configure port aggregation load distribution. Use the no 
form of this command to reset distribution to its default setting. Variations of this command include: 


port-channel load-balance dst-mac 
port-channel load-balance src-mac 


Syntax Description 





dst-mac Specifies the destination MAC address. 
src-mac Specifies the source MAC address. 


Default Values 





By default, load balance is set to src-mac. 


Command History 


Release 5.1 Command was introduced. 


Functional Notes 





During port aggregation, the port channel interface must determine on which physical port to transmit 
packets. With the source-address configuration, the source MAC address of the received packets is used 
to determine this allocation. Packets coming from a specific host always use the same physical port. 
Likewise, when the destination address configuration is used, packets are forwarded based on the MAC 
address of the destination. Packets destined for a specific host always use the same physical port. 


Usage Examples 





The following example sets the load distribution to use the destination MAC address: 


(config)#port-channel load-balance dst-mac 
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power-supply shutdown automatic 
Use the power-supply shutdown automatic command to enable the power supplies to automatically shut 


down when the unit temperature exceeds the maximum operating temperature. Use the no form of this 
command to disable. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is enabled. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example enables the power supplies to shut down automatically if the temperature gets too 
high: 


(config)#power-supply shutdown automatic 
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probe 


Use the probe command to create a probe as part of network monitoring. This command is also used to 
enter into the Network Monitoring Probe command set once a probe is created. A probe can be one of five 
types: http-request, icmp-echo, icmp-timestamp, tcp-connect, or twamp. Each probe type has a set of 
commands used for configuration. These additional commands are covered in Network Monitor Probe 
Configuration Command Set on page 2150. Use the no form of this command to delete the probe. 
Variations of this command include: 


probe <name> http-request 
probe <name> icmp-echo 
probe <name> icmp-timestamp 
probe <name> tcp-connect 
probe <name> twamp 





‘ore Issue the no shutdown command to activate the probe once it is configured. 








The probe is not operational until tolerance is defined. Refer to Network Monitor Probe 
Configuration Command Set page 2150 for more information. 








Syntax Description 





<name> Specifies the name of the probe being created, or indicates the probe 
affected by the commands that follow. 

http-request Specifies the probe type being created as an HTTP request. 

icmp-echo Specifies the probe type being created as an ICMP echo. 

icmp-timestamp Specifies the probe type being created as an ICMP timestamp. 

tcp-connect Specifies the probe type being created as a TCP connect. 

twamp Specifies the probe type being created as a Two-way Active Measurement 


Protocol (TWAMP). 


Default Values 





By default, there are no probes configured. 


Command History 





Release 13.1 Command was introduced. 
Release 17.2 Command was expanded to include the ICMP timestamp and TWAMP 
probe types. 
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Usage Examples 





The following example creates an ICMP echo probe called probe1: 


>enable 

#configure terminal 
(config)#probe probe1 icmp-echo 
(config-probe-probe1 )# 


Technology Review 





Probes are standalone objects that help determine the status of a route based on the success or failure of 
probe traffic across the path. The probes can be configured to trigger at particular intervals. There are 
three types of probes supported by AOS: icmp-echo, tcp-connect, and http-request. Commands 
common to all the probe types are identified in the following section, as well as isolated commands that 
only apply to the specific probe types. 


Additional configuration commands are available for associating tracks with each probe. These are 
explained in the Network Monitor Track Configuration Command Set on page 2185. 
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probe responder 


Use the probe responder command to enable a probe responder to respond to specific probe packets. 
Additional commands for each responder type are covered in Network Monitor Probe Responder 
Configuration Command Set on page 2177. Use the no form of this command to stop the probe responder 
from responding to the specific probe packets. Variations of this command include: 


probe responder icmp-timestamp 
probe responder twamp 
probe responder udp-echo 





‘one Issue the no shutdown command to activate the probe responder once it is configured. 





Syntax Description 





icmp-timestamp Specifies the probe responder type as ICMP timestamp. 

twamp Specifies the probe responder type as Two-way Active Measurement 
Protocol (TWAMP). 

udp-echo Specifies the probe responder type as a User Datagram Protocol (UDP) 
echo. 


Default Values 





By default, there are no probe responders enabled. 


Command History 


Release 17.2 Command was introduced. 


Usage Examples 





The following example enables the UDP echo probe responder: 


>enable 

#configure terminal 

(config)#probe responder udp-echo 
(config-probe-probe1 )# 
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qos cos-map <cos queue id> <cos value> 


Use the qos cos-map command to associate class of service (CoS) values with each queue. Use the no 
form of this command to return to the default settings. 


Syntax Description 


<cos queue id> Specifies the queue number that you are assigning CoS value(s). 


<cos value> Associates listed CoS values with a particular priority queue. Multiple CoS 
values can be applied to a specified queue. Valid range is 0 to 7. 


Default Values 





By default, CoS 0 and 1 are mapped to queue 1; CoS 2 and 3 are mapped to queue 2; CoS 4 and 5 are 
mapped to queue 3; CoS 6 and 7 are mapped to queue 4. 


Command History 


Release 5.1 Command was introduced. 


Usage Examples 





The following example maps CoS values 4 and 5 to queue 1: 


(config)#qos cos-map 1 45 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 888 


Command Reference Guide Global Configuration Mode Command Set 





qos dscp-cos 


Use the qos dscp-cos command to set the differentiated services code point (DSCP) to class of service 
(CoS) map and enable the mapping process. Use the no form of this command to disable mapping. 
Variations of this command include: 


qos dscp-cos <dscp value> to <cos value> 
qos dscp-cos default 


Syntax Description 





<dscp value> Specifies DSCP values (separating multiple values with a space). Valid 
range is 0 to 63. 

<cos value> Specifies CoS values (separating multiple values with a space). Valid range 
is 0 to 7. 

default Sets the map to the following default values: 
DSCP O | 8 | 16 | 24 | 32 | 40] 48 | 56 
CoS Oo | 1 {| 2 | 3 | 4 | 5 | 6 | 7 


Default Values 


By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





When one of the specified DSCP values is detected in an incoming packet, the CoS priority is altered 
based on the corresponding map value. By configuring the list, the mapping functionality is enabled. 


Usage Examples 





The following example enables the mapping of DSCP values 24 and 48 to CoS values 1 and 2: 
(config)#qos dscp-cos 24 48 to 1 2 


The following example disables DSCP-to-CoS mapping: 


(config)#no qos dscp-cos 
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qos map <name> <number> 


Use the qos map command to create a QoS map and activate the QoS Map Command Set (which allows 
you to edit a QoS map). For details on specific commands, refer to the section Quality of Service Map 
Command Set on page 2573. Use the no form of this command to delete a map entry. Variations of this 
command include: 


qos map <name> <number> 
qos map <name> <number> match-all 
qos map <name> <number> match-any 


Syntax Description 





<name> Specifies the QoS map name. 

<number> Assigns a sequence number to differentiate this QOS map and provide a 
match order. Valid range is 0 to 65,535. 

match-all Optional. Indicates the traffic must match all conditions before the set action 
is issued. 

match-any Optional. Indicates the traffic can match any of the conditions to be 


processed, which is the default behavior. 


Default Values 





By default, there are no QoS maps defined. Once created, the default behavior is to match any of the 
conditions set for the QoS map. 


Command History 





Release 6.1 Command was introduced. 
Release 17.2 Command was expanded to include match-all and match-any parameters. 


Functional Notes 





AOS uses QoS maps to classify packets into groups for matching. A QoS map contains multiple class 
entries, each of which has packet match cases, and a set of actions for the particular group (actions are 
defined by bandwidth, priority, set, and shape commands). Multiple map entries for the same QoS map 
are differentiated by a sequence number. The sequence number is used to assign the order in which the 
conditions are matched. 


Once created, a QoS map must be applied to an interface (using the qos-policy out command) in order to 
actively process traffic. Refer to gos-policy on page 1169 in the Ethernet Interface Configuration Command 
Set for more information on assigning the map to an interface. Any traffic for the interface that is not sent to 
the priority queue is sent using the default queuing method for the interface (such as weighted fair 
queuing). 


Usage Examples 


The following example demonstrates basic settings for a QoS map and assigns a map to the Frame Relay 
interface: 
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>enable 

#config terminal 

config)#qos map VOICEMAP 10 
config-qos-map)#match precedence 5 
config-qos-map)#priority 512 
config-qos-map)#exit 
config)#interface fr 1 


( 
( 
( 
( 
( 
(config-fr 1)#qos-policy out VOICEMAP 
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qos queue-type strict-priority 


Use the qos queue-type strict-priority command to enable queuing based strictly on the priority of each 
queue. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the queue type is weighted round robin (WRR). 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example enables strict-priority queuing: 


(config)#qos queue-type strict-priority 
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qos queue-type wrr 


Use the qos queue-type wrr command to set weights for up to four queues. Use the no form of this 
command to set all queues to be weighted round robin (WRR). Variations of this command include: 


qos queue-type wrr <weight1> <weight2> <weight3> expedite 
qos queue-type wrr <weight1> <weight2> <weight3> <weight4> 


Syntax Description 





<weight1-4> Sets the weight of each queue (up to four). All queue weights must be 
greater than zero, except for the weight for the last queue (queue 4). The 
range for queues 1 to 3 is 1 to 255. The range for queue 4 is 0 to 255. 


expedite The queue 4 entry can be replaced by the expedite command. If set to 
expedite, then it becomes a high-priority queue. All outbound traffic is 
transmitted on an expedite queue prior to any other traffic in other queues. 


Default Values 


By default, all four weights are set to 25. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 


The actual weight is a calculated value based on the sum of all entered weights. It is the ratio of the 
individual weight over the sum of all weights. 


For example: 


If the user enters 10, 20, 30, and 40 as the weight values, the first queue will have a ratio of 1/10. This is 
derived from the formula 10/(10+20+30+40). Therefore, this queue will transmit 1 packet out of every 10 
opportunities. 

Usage Examples 


The following example configures weights for all four queues: 


(config)#qos queue-type wrr 10 20 30 40 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 893 


Command Reference Guide 


Global Configuration Mode Command Set 





radius-server 


Use the radius-server command to configure several global RADIUS parameters. Most of these global 
defaults can be overridden on a per-server basis. Use the no form of this command to return to the default 
settings. Variations of this command include the following: 


radius-server challenge-noecho 
radius-server deadtime <value> 
radius-server enable-username <name> 


radius-server key <key> 


radius-server retry <number> 
radius-server timeout <va/lue> 


Syntax Description 





challenge-noecho 


deadtime <value> 


enable-username <name> 
key <key> 
retry <number> 


timeout <value> 


Default Values 


Turns off echoing of user challenge-entry. When echo is turned on, users 
see the text of the challenge as they type responses. Enabling this option 
hides the text as it is being entered. 

Specifies how long (in minutes) a RADIUS server is considered dead once 
a timeout occurs. The server will not be tried again until after the deadtime 
expires. Valid range is 0 to 1440 minutes. 

Specifies a user name to be used for Enable mode authentication. 
Specifies the shared key to use with a RADIUS server. 

Specifies the number of attempts to make on a RADIUS server before 
marking it dead. 


Specifies how long (in seconds) to wait for a RADIUS server to respond to a 
request. Valid range is 1 to 1000 seconds. 





challenge-noecho 
deadtime 

key 

retry 

timeout 
enable-username 


Command History 


Release 5.1 
Release 7.1 


Echo is turned on 
1 minute 

No default 

3 attempts 

5 seconds 
$enab15$ 


Command was introduced. 
Added enable-username selection. 
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Functional Notes 





RADIUS servers (as defined with the radius-server command) may have many optional parameters. 
However, they are uniquely identified by their addresses and ports. Port values default to 1812 and 1813 
for authorization and accounting, respectively. If a server is added to a named group, but is not defined by 
a radius-server command, the server is simply ignored when accessed. Empty server lists are not 
allowed. When the last server is removed from a list, the list is automatically deleted. 


Usage Examples 





The following example shows a typical configuration of these parameters: 


(config)#radius-server challenge-noecho 
(config)#radius-server deadtime 10 
(config)#radius-server timeout 2 
(config)#radius-server retry 4 
(config)#radius-server key my secret key 
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radius-server host 


Use the radius-server host to specify the parameters for a remote RADIUS server. At a minimum, the 
address (IP or DNS name) of the server must be given. The other parameters are also allowed and (if not 
specified) will take default values or fall back on the global RADIUS server’s default settings. Use the no 
form of this command to return to the default settings. Variations of this command include: 


radius-server host <ip address> 

radius-server host <ip address> acct-port <port> 

radius-server host <ip address> acct-port <port> acct-port 
radius-server host <ip address> auth-port <port> 

radius-server host </p address> auth-port <port> acct-port 
radius-server host <ip address> key encrypted <key> 
radius-server host <ip address> key encrypted <key> acct-port 
radius-server host <ip address> key <key> 

radius-server host <ip address> key <key> acct-port 
radius-server host <ip address> retransmit <number> 
radius-server host <ip address> retransmit <number> acct-port 
radius-server host <ip address> timeout <value> 

radius-server host <ip address> timeout <va/ue> acct-port 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 

acct-port <port> Sends accounting requests to this remote port. Choose a port value 
between 0 and 65,535. 

auth-port <port> Sends authentication requests to this remote port. Choose a port value 
between 0 and 65,535. 

key <key> Defines the shared key with the RADIUS server (uses RADIUS global 


setting if not given). Note that the key must appear last on the input line 
since it reads the rest of the line beyond the key keyword. 

key encrypted <key> Defines an encrypted shared key with the RADIUS server (uses RADIUS 
global setting if not given). Note that the key must appear last on the input 
line since it reads the rest of the line beyond the key keyword. 

retransmit <number> Retries server after timeout this number of times (uses RADIUS global 
setting if not given). Range is 1 to 100. 


timeout <value> Waits for a response this number of seconds (uses RADIUS global setting if 
not given). Range is 1 to 1000 seconds. 


Default Values 





By default, acct-port is set to 1813 and auth-port is set to 1812. 
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Command History 





Release 5.1 Command was introduced. 
Release 11.1 Command was expanded to include the key encrypted command. 


Usage Examples 





The following example shows a typical configuration of these parameters: 


(config)#radius-server host 1.2.3.4 
(config)#radius-server host 3.3.1.2 acct-port 1646 key my key 
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route-map 


Use the route-map command to create a route map and enter the Route Map Configuration command set. 
A route map is a type of filter that matches various attributes and then performs actions on the way the 
route is redistributed. Use the no form of this command to delete a route map. Variations of this command 
include: 


route-map <name> <number> 
route-map <name> deny <number> 
route-map <name> permit <number> 


Syntax Description 





<name> Specifies a name for the route map. 

deny Specifies not to redistribute routes matching the route map attributes. 

permit Redistributes routes matching the route map attributes. 

<number> Specifies a sequence number of this route entry. Range is 1 to 
4,294,967,295. 


Default Values 





By default, no route maps are defined. 


Command History 


Release 9.3 Command was introduced. 


Functional Notes 





Route maps can be assigned to a neighbor using the route-map command in the BGP Neighbor 
command set. Refer to route-map <name> on page 2143 for more information. 


Usage Examples 





The following example creates the route map, specifies that routes matching its criteria will be denied, and 
assigns a sequence number of 100: 


(config)#route-map MyMap deny 100 
(config-route-map)# 


You can then define the attributes of the route map from the Route Map Configuration command set. Enter 
a ? at the (config-route-map)# prompt to explore the available options. 
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router bgp 
Use the router bgp command to enter the BGP Configuration mode. Refer to the BGP Configuration 
Command Set on page 2115 for more information. Use the no form of this command to disable BGP 


routing. 


Syntax Description 





No subcommanas. 


Default Values 
By default, BGP is disabled. 





Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example uses the router bgp command to enter the BGP Configuration mode: 


(config)#router bgp 
(config-bgp)# 


Technology Review 





The following AOS BGP-related guidelines may help guide decisions made during basic BGP 
implementation. 


Ignore route if next hop is unreachable. 


Prefer route with largest weight (only used in the local router, set by applying route maps to set this value 
on desired inbound updates). 


Prefer route with largest local preference. 
Prefer route injected by this router via network command. 
Prefer route with shortest AS_ PATH. 


Prefer route with lowest origin type. Routes originally injected by the network command or aggregation 
(IGP) have a lower origin type than those originally injected by redistribution into BGP. 


Prefer routes with lowest MED value. 


Before the route is installed into the route table (forwarding table), a check is made of other sources that 
may have information about the same subnet (static routes, IGP, etc.). The route with the lowest 
administrative distance is installed. 
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router ospf 
Use the router ospf command to activate OSPF in the router and to enter the OSPF Configuration mode. 


Refer to the section Router (OSPF) Configuration Command Set on page 2200 for more information. Use 
the no form of this command to disable OSPF routing. 


Syntax Description 





No subcommanas. 


Default Values 
By default, OSPF is disabled. 





Command History 





Release 3.1 Command was introduced. 


Functional Notes 





AOS can be configured to use OSPF with the firewall enabled (using the ip firewall command). To do this, 
configure the OSPF networks as usual, specifying which networks the system will listen for and broadcast 
OSPF packets to. Refer to jp firewall on page 696 for more information. 


To apply stateful inspection to packets coming into the system, create a policy class that describes the type 
of action desired and then associate that policy class to the particular interface (refer to ip policy-class 
<name> <action> on page 744). The firewall is intelligent and will only allow OSPF packets that were 
received on an OSPF configured interface. No modification to the policy class is required to allow OSPF 
packets into the system. 


Usage Examples 


The following example uses the router ospf command to enter the OSPF Configuration mode: 


(config)#router ospf 
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router pim-sparse 


Use the router pim-sparse command to globally enable protocol-independent multicast (PIM) on the unit 
and to enter the PIM Sparse Configuration mode. Use the no form of this command to disable PIM Sparse 
routing. Refer to the section Router (PIM Sparse) Configuration Command Set on page 2220 for more 
information on the subcommands for PIM Sparse Configuration mode. 


Syntax Description 





No subcommanas. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Additional commands for PIM are found in the related interface configuration modes. Refer to the 

ip pim-sparse commands in sections such as Ethernet Interface Configuration Command Set on page 
1101, Frame Relay Subinterface Config Command Set on page 1529, HDLC Interface Configuration 
Command Set on page 1610, Loopback Interface Configuration Command Set on page 1682, PPP 
Interface Configuration Command Set on page 1749, Tunnel Configuration Command Set on page 1840, 
and VLAN Interface Configuration Command Set on page 1926 for more information. 


Usage Examples 





The following example uses the router pim-sparse command to enter the PIM Sparse Configuration 
mode: 


(config)#router pim-sparse 
(config-pim-sparse)# 
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router rip 
Use the router rip command to enter the RIP Configuration mode. Use the no form of this command to 


disable RIP routing. Refer to the section Router (RIP) Configuration Command Set on page 2224 for more 
information. 


Syntax Description 





No subcommanas. 


Default Values 
By default, RIP is disabled. 





Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example uses the router rip command to enter the RIP Configuration mode: 


(config)#router rip 
(config-rip)# 


Technology Review 





The RIP protocol is based on the Bellham-Ford (distance-vector) algorithm. This algorithm provides that a 
network will converge to the correct set of shortest routes in a finite amount of time, provided that: 


Gateways continuously update their estimates of routes. 
Updates are not overly delayed and are made on a regular basis. 
The radius of the network is not excessive. 

No further topology changes take place. 


RIP is described in RFC 1058 (Version 1) and updated in RFCs 1721, 1722, and 1723 for Version 2. 
Version 2 includes components that ease compatibility in networks operating with RIP V1. 


All advertisements occur on regular intervals (every 30 seconds). Normally, a route that is not updated for 
180 seconds is considered dead. If no other update occurs in the next 60 seconds for a new and better 
route, the route is flushed after 240 seconds. Consider a connected route (one on a local interface). If the 
interface fails, an update is immediately triggered for that route only (advertised with a metric of 16). 


Now consider a route that was learned and does not receive an update for 180 seconds. The route is 
marked for deletion, and even if it was learned on an interface, a poisoned (metric equals 16) route should 
be sent by itself immediately and during the next two update cycles with the remaining normal split horizon 
update routes. Following actual deletion, the poison reverse update ceases. If an update for a learned 
route is not received for 180 seconds, the route is marked for deletion. At that point, a 120-second garbage 
collection (GC) timer is started. During the GC timer period, expiration updates are sent with the metric for 
the timed-out route set to 16. 
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If an attached interface goes down, the associated route is immediately (within the same random 
five-second interval) triggered. The next regular update excludes the failed interface. This is the so-called 
first hand knowledge rule. If a gateway has first hand knowledge of a route failure (connected interfaces) or 
reestablishment, the same action is taken. A triggered update occurs, advertising the route as failed 
(metric equals 16) or up (normal metric) followed by the normal scheduled update. 


The assumption here is that if a gateway missed the triggered update, it will eventually learn from another 
gateway in the standard convergence process. This conserves bandwidth. 


RIP-Related Definitions: 


Route A description of the path and its cost to a network. 
Gateway A device that implements all or part of RIP (a router). 
Hop A metric that provides the integer distance (number of intervening 


gateways) to a destination network gateway. 


Advertisement A broadcast or multicast packet to port 520 that indicates the route for a 
given destination network. 

Update An advertisement sent on a regular 30-second interval, including all routes 
exclusive of those learned on an interface. 
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run tcl <filename> 


Use the run tcl command to initiate a Tool Command Language (Tcl) script. 


Syntax Description 





<filename> Specifies the name of the Tcl script file to run. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example initiates the test1.tcl Tcl script file: 


#run tcl test1.tcl 
Script execution complete 


# 
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schedule <name> 


Use the schedule command to create a general purpose schedule. Use the no form of this command to 
delete a schedule. Variations of this command include: 


schedule <name> 
Additional subcommands are available once you have entered the Schedule Configuration mode: 


absolute start <schedule> end <schedule> 
periodic <day> [<time> to <time>] 
periodic <day> <time>to <day> <time> 
periodic <day> [<time> for <duration>] 
periodic <day> <time> for <duration> 
periodic <time> for <duration> <day> 
periodic daily <time> to <time> 
periodic daily <time> for <duration> 
periodic weekday <time> to <time> 
periodic weekday <time> for <duration> 
periodic weekend <time> to <time> 
periodic weekend <time> for <duration> 
relative start-after <delay> 


Syntax Description 





<name> Specifies the name of the schedule. 
absolute start end Indicates the schedule’s start and end time and date values. 
<schedule> Specifies the start and end schedules. Schedules are expressed in the 
format <time> <day> <month> <year> (for example, 08:15 2 February 
2007). 
<time> Time is expressed in the 24-hour format hours:minutes (hh:mm) (for 
example, 08:15). 
<day> The day of the month is expressed with a number. Range is 1 to 31. 
<month> The name of the month can be spelled out or abbreviated. 
<year> The year is expressed in the format yyyy (for example, 2007). 
periodic Specifies the weekly behavior of the schedule by configuring start/end days, 
times, and duration. 
to Specifies the schedule’s start/end day and time. 
for <duration> Specifies the schedule’s duration. Duration is expressed in the 24-hour 
format hours:minutes (hh:mm). 
daily Optional. Specifies recurring period to be every day of the week. 
weekday Optional. Specifies recurring period to be Monday through Friday. 
weekend Optional. Specifies recurring period to be Saturday and Sunday. 
<time> Time is expressed in the 24-hour format hours:minutes (hh:mm) (for 


example, 08:15). 
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<day> The day of the week can be spelled out or abbreviated. 


relative start-after <delay> Specifies the time delay before the schedule becomes active. Valid range is 
1 to 65,535 seconds. 


Default Values 





By default, no schedules exist. 


Functional Notes 





Periodic schedules can be expressed in the format <day> <time> to <day> <time> (for example, periodic 
monday 08:15 to wednesday 17:15), or up to 7 days can be entered (for example, periodic tuesday 
wednesday thursday 08:15 to 17:15). 


Command History 





Release 14.1 Command was introduced. 
Release 15.1 Command was expanded. 
Release 16.1 Command was expanded to include the for parameter. 


Usage Examples 





The following example creates a schedule Closed and enters the Schedule Configuration mode: 
(config)#schedule Closed 

(config-schedule-Closed)# 

The following example sets the start time in the schedule named Closed to 8:15 a.m. on February 2, 2007, 
and sets the end time to 10:15 a.m. on April 2, 2007: 

(config-schedule-Closed)#absolute start 08:15 2 february 2007 end 10:15 2 april 2007 

The following example sets the recurring start and end day and time in the schedule named Closed to 
Saturday from 8:15 a.m. to 5:15 p.m.: 

(config-schedule-Closed)#periodic saturday 08:15 to 17:15 


The following example sets the execution delay for the schedule named Closed to 30 seconds: 


(config-schedule-Closed)#relative start-after 30 


The following example sets the duration for the schedule named Closed to 30 minutes at 1:00 p.m. every 
day of the week: 


(config-schedule-Closed)#periodic daily 13:00 for 00:30 
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service password-encryption 


Use the service password-encryption command to turn on global password protection. Use the no form 
of this command to return to the default settings. 





If you need to go back to a previous revision of the code (e.g., AOS Revision 10), this 
command must be disabled first. Once the service is disabled, all necessary passwords 

di must be re-entered so that they are in the clear text form. If this is not done properly, you 
will not be able to log back in to the unit after you revert to a previous revision that does 
not support password encryption. 





Syntax Description 





No subcommanas. 


Default Values 





By default, global password protection is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





When enabled, all currently configured passwords are encrypted. Also, any new passwords are encrypted 
after they are entered. Password encryption is applied to all passwords, including passwords for user 
name, Enable mode, Telnet/console, PPP, BGP, and authentication keys. When passwords are encrypted, 
unauthorized persons cannot view them in configuration files since the encrypted form of the password is 
displayed in the running-config. While this provides some level of security, the encryption method used 
with password encryption is not a strong form of encryption so you should take additional network security 
measures. 





You cannot recover a lost encrypted password. You must erase the startup-config and set a 
new password. 


Usage Examples 





The following example enables password encryption for all passwords on the unit: 


(config)#service password-encryption 
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snmp-server chassis-id <string> 


Use the snmp-server chassis-id command to specify an identifier for the Simple Network Management 
Protocol (SNMP) server. Use the no form of this command to return to the default value. 


Syntax Description 


<string> Identifies the product using an alphanumeric string (up to 32 characters in 
length). 


Default Values 





By default, the snmp-server chassis-id is set to Chassis ID. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example configures a chassis ID of A432692: 


(config)#snmp-server chassis-id A432692 
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snmp-server community 


Use the snmp-server community command to specify a community string to control access to the Simple 
Network Management Protocol (SNMP) information. Use the no form of this command to remove a 
specified community. Variations of this command include: 


snmp-server community <community> 

snmp-server community <community> <listname> 

snmp-server community <community> ro 

snmp-server community <community> ro <listhame> 

snmp-server community <community> rw 

snmp-server community <community> rw <listname> 

snmp-server community <community> view <viewname> 

snmp-server community <community> view <viewname> <listname> 
snmp-server community <community> view <viewname> ro 
snmp-server community <community> view <viewname> ro </listname> 
snmp-server community <community> view <viewname> rw 
snmp-server community <community> view <viewname> rw <listname> 


Syntax Description 


<community> Specifies the community string (a password to grant SNMP access). 

view <viewname> Optional. Specifies a previously defined view. Views define objects available 
to the community. For information on creating a new view, refer to 
snmp-server view <name> <value> on page 926. 


ro Optional. Grants read-only access, allowing retrieval of MIB objects. 

rw Optional. Grants read-write access, allowing retrieval and modification of 
MIB objects. 

<listname> Optional. Specifies an access control list (ACL) name used to limit access. 


Refer to jp access-list extended <name> on page 673 and ip access-list 
standard <name> on page 677 for more information on creating ACLs. 


Default Values 





By default, there are no configured SNMP communities. 


Command History 





Release 1.1 Command was introduced. 
Release 9.1 Command was expanded to include the view option. 


Usage Examples 





The following example specifies a community named MyCommunity, specifies a previously defined view 
named blockinterfaces, and assigns read-write access: 


(config)#snmp-server community MyCommunity view blockinterfaces rw 
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snmp-server contact 


Use the snmp-server contact command to specify SNMP server contact information. Use the no form of 
this command to remove a configured contact. Variations of this command include: 


snmp-server contact email <address> 
snmp-server contact pager <number> 
snmp-server contact phone <number> 
snmp-server contact <‘“string’> 


Syntax Description 





email <address> Specifies email address for the SNMP server contact. 
pager <number> Specifies pager number for the SNMP server contact. 
phone <number> Specifies phone number for the SNMP server contact. 
<“string’> Populates the sysContact string using an alphanumeric string enclosed in 


quotation marks (up to 32 characters in length). 


Default Values 





No default values are necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example specifies 6536999 for the pager number: 


(config)#snmp-server contact pager 6536999 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 910 


Command Reference Guide Global Configuration Mode Command Set 





snmp-server enable traps 


Use the snmp-server enable traps command to enable all Simple Network Management Protocol 
(SNMP) traps available on your system. Use the no form of this command to disable SNMP traps. 
Variations of this command include: 


snmp-server enable traps 
snmp-server enable traps snmp 


Syntax Description 





snmp Optional. Specifies the type of notification trap to enable, which at this time 
only includes SNMP. 


The following traps are supported: 
coldStart 

warmStart 

linkUp 

linkDown 

authenticationFailure 


Default Values 





By default, there are no enabled traps. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 


This command was written to include additional traps at a later time. Currently, snmp is the only available 
option. Therefore, issuing either snmp-server enable traps or snmp-server enable traps snmp will 
enable snmp traps. 


Usage Examples 


The following example enables SNMP traps: 


(config)#snmp-server enable traps snmp 
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snmp-server enginelD local <hex string> 


Use the snmp-server engineID local command to change the default and manually set the Simple 
Network Management Protocol (SNMP) version 3 (v3) engine ID for the local machine. Use the no form 
of this command to return to the default engine ID. 


Syntax Description 





<hex string> Defines the engine ID for the system. Engine IDs are the 12-octet 
hexadecimal representation (24 characters using 0 through 9 and/or 
a through f) defining a system on the management domain. Refer to the 
Technology Review for more detailed information on engine ID octet 
assignments. 





default engine ID when possible to ensure the uniqueness of the numbers. Problems can 
occur on a management network that contains duplicate engine IDs. 


SNMP v3 requires unique engine IDs for all systems in the management domain. Use the 
cmon 





Default Values 





By default, the local SNMP-server engine ID is 8000029803xxxxxxxxxxxx (where the string of Xs 
represents the system MAC address). 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 


The following example changes the default engine ID for the local system to 80 00 02 98 00 00 00 00 00 00 
01 (where 80 00 02 98 represents the Internet Assigned Numbers Authority (IANA) ID for ADTRAN and 
00 00 00 00 00 00 01 arbitrarily represents the first system on the management domain): 





(config)#snmp-server enginelD local 8000029800000000000001 


Technology Review 





The SNMP v3 engine ID is a unique identifier for a system on a management domain. The default engine 
ID contains 11 octets (in hexadecimal notation) that represent certain information about the system. The 
default engine ID format is as follows: 








Octets 1 to 4 Octet 5 Octets 6 to 11 
03 
IANA ID for the Identifies that octets 6 System MAC address 
product manufacturer through 11 contain a 
MAC address 
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The first 4 octets of the default engine ID for ADTRAN products is 80000298. Octets 1 through 4 represent 
the SNMP private enterprise number (assigned by the IANA) for the product manufacturer. The leading bit 
of octet 1 (the most significant bit) will always be a 1 for a default engine ID (making the leading character 
in the hex string an 8). ADTRAN products use the IANA ID of 664 (which is 02 98 in hexadecimal notation). 
Octet 5 is set to 03 to indicate that the engine ID uses a MAC address as the unique identifier. The last six 
octets of the default engine ID for ADTRAN routers contain the MAC address for the Ethernet 0/1 interface 
(for example, 00127905257c). 


The snmp-server enginelD local command overrides the default engine ID and replaces it with the first 
24 characters of the user-entered string. Because the string is in hexadecimal notation, only numbers 0 
through 9 and characters a through f are valid. If fewer than 24 characters are entered in the string, pad the 
end of the entered string with zeros (least significant bits) until the 24 character string is complete. For 
example, a user input of 8000029805 results in an engine ID of 800002980500000000000000. 
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snmp-server enginelD remote </p address> <string> 


Use the snmp-server engineID remote command to identify a remote Simple Network Management 
Protocol (SNMP) entity’s engine ID. The remote engine ID is necessary before SNMP version 3 (v3) 
inform notifications can be acknowledged. For further information, refer to the command snmp-server user 
on page 923. Use the no form of this command to remove the remote SNMP entity’s engine ID. 


Syntax Description 





<ijpp address> Specifies the IP address for the remote SNMP device. IP addresses should 
be expressed in dotted decimal notation (for example, 10.10.10.1). 


<string> Specifies the engine ID for the remote SNMP device. 


Default Values 





By default, there are no remote engine IDs identified. 


Command History 


Release 14.1 Command was introduced. 


Usage Examples 





The following example identifies a remote SNMP device with an IP address of 10.10.12.2 and an engine ID 
of 80000298000000A0C8000001: 


(config)#snmp-server enginelD remote 10.10.12.2 80000298000000A0C8000001 
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snmp-server group 


Use the snmp-server group command to specify a new Simple Network Management Protocol (SNMP) 
group to control access to SNMP information. Use the no form of this command to remove a specified 
group. Variations of this command include: 


snmp-server group <groupname> v1 read <name> write <name> notify <name> access <listname> 
snmp-server group <groupname> v2c read <name> write <name> notify <name> access <listname> 
snmp-server group <groupname> v3 auth read <name> write <name> notify <name> 

access </istname> 
snmp-server group <groupname> v3 noauth read <name> write <name> notify <name> 

access </istname> 
snmp-server group <groupname> v3 priv read <name> write <name> notify <name> 

access </istname> 


Syntax Description 





<groupname> Specifies the name of the SNMP group (32 characters maximum). 
v1 Uses SNMP version 1 security model. 
v2c Uses SNMP version 2c security model. 
v3 Uses SNMP version 3 user-based security model (USM) 
Options if version 3 is used: 
auth Indicates that authentication is used. 
noauth Indicates that no authentication is used. 
priv Indicates that privacy authentication is used. 
read <name> Specifies a read-view entry (82 characters maximum). 
write <name> Specifies a write-view entry (32 characters maximum). 
notify <name> Specifies a notify-view entry (82 characters maximum). 
access </istname> Specifies an access control list (ACL) entry. 


Default Values 





If no views are specified, the system automatically assigns default read- and notify-views that have no 
restrictions. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example defines a group called securityV3auth using version 3 security model, 
authentication, and no ACL to verify: 


(config)#snmp-server group securityV3auth v3 auth 
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snmp-server host 


Use the snmp-server host command to configure the host to receive Simple Network Management 
Protocol (SNMP) notifications. Use the no form of this command to remove a specified host. Variations of 
this command include the following: 


snmp-server host <ip address> informs version 1 <community> 
snmp-server host <i/p address> informs version 1 <community> snmp 
snmp-server host <i/p address> informs version 2c <community> 
snmp-server host </p address> informs version 2c <community> snmp 
snmp-server host <ip address> informs version 3 auth <community> 
snmp-server host </p address> informs version 3 auth <community> snmp 
snmp-server host </p address> informs version 3 noauth <community> 
snmp-server host </p address> informs version 3 noauth <community> snmp 
snmp-server host </p address> informs version 3 priv <community> 
snmp-server host </p address> informs version 3 priv <community> snmp 
snmp-server host <i/p address> traps <community> 

snmp-server host <i/p address> traps version 1 <community> 

snmp-server host </p address> traps version 1 <community> snmp 
snmp-server host </p address> traps version 2c <community> 
snmp-server host </p address> traps version 2c <community> snmp 
snmp-server host </p address> traps version 3 auth <community> 
snmp-server host </p address> traps version 3 auth <community> snmp 
snmp-server host </p address> traps version 3 noauth <community> 
snmp-server host </p address> traps version 3 noauth <community> snmp 
snmp-server host </p address> traps version 3 priv <community> 
snmp-server host </p address> traps version 3 priv <community> snmp 


Syntax Description 


<ip address> Specifies the IP address of the SNMP host that receives the SNMP 
information. IP addresses should be expressed in dotted decimal notation 
(for example, 10.10.10.1). 


informs Enables informs to this host. 





The following traps are supported: 
coldStart 

warmStart 

linkUp 

linkDown 

authenticationFailure 


<community> Specifies the community string (used as a password) (16 characters 
maximum) for authorized agents to obtain access to SNMP information. 


traps Enables traps to this host. If the version is not specified, version 1 is used. 
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version 1 Uses SNMP version 1 security model. 

version 2c Uses SNMP version 2c security model. 

version 3 Uses SNMP version 3 user-based security model (USM). 
snmp Optional. Enables a subset of traps specified in RFC 1157. 


Default Values 





No default is necessary with this command. 


Command History 





Release 1.1 Command was introduced. 
Release 13.1 Command was expanded to include informs options. 


Usage Examples 





The following example sends all SNMP traps to the host at address 190.3.44.69 and community string 
MyCommunity using SNMP version 2c: 


(config)#snmp-server host 190.3.44.69 traps version 2c MyCommunity snmp 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 917 


Command Reference Guide Global Configuration Mode Command Set 





snmp-server inform 


Use the snmp-server inform retries command to set the number of retry attempts for a response and set 
the amount of time to wait for a response before allowing a new request. Use the no form of this command 
to return to the default setting. Variations of this command include the following: 


snmp-server inform retries <number> 
snmp-server inform timeout <va/ue> 


Syntax Description 





retries <number> Specifies number of retries for a response. The range is from 1 to 100. 


timeout <value> Specifies time (in seconds) to wait for a response. The range is from 1 to 
1000 seconds. 


Default Values 





By default, the retry count is set to 3 and the timeout is set to 5 seconds. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example sets the retry count to 10: 


(config)#snmp-server inform retries 10 
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snmp-server location <‘“string’> 


Use the snmp-server location command to specify the Simple Network Management Protocol (SNMP) 
system location string. Use the no form of this command to return to the default value. 


Syntax Description 


<“string’> Populates the system location string using an alphanumeric string enclosed 
in quotation marks (up to 32 characters in length). 


Default Values 





By default, the snmp-server location is set to ADTRAN. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example specifies a location of 5th Floor Network Room: 


(config)#snmp-server location “5th Floor Network Room” 
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snmp-server management-url <url> 


Use the snmp-server management-url command to specify the URL for the device’s management 
software. Use the no form of this command to remove the management URL. 


Syntax Description 


<url> Specifies the URL for the management software. 


Default Values 
By default, no URL is defined. 





Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example specifies the URL http:/;www.mywatch.com as the device’s management 
software: 


(config)#snmp-server management-url http://‘www.mywatch.com 
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snmp-server management-url-label </abel> 


Use the snmp-server management-url-label command to specify a label for the URL of the device’s 
management software. Use the no form of this command to remove the label. 


Syntax Description 


<label> Specifies a label for the URL of the management software (maximum length 
255 characters). 


Default Values 





No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example specifies the label watch for the management software: 


(config)#snmp-server management-url-label watch 
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snmp-server source-interface </nterface> 
Use the snmp-server source-interface command to specify a source interface for SNMP traffic (including 


traps and get/set requests) originated by the unit. The IP address of the specified interface will be used to 
source all SNMP traffic. Use the no form of this command to remove the specified interface. 


Syntax Description 





<interface> Specifies the interface that should originate SNMP traffic. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
snmp-server source-interface ? for a complete list of valid interfaces. 


Default Values 





By default, there is no source-interface defined. 


Command History 





Release 7.1 Command was introduced. 
Release 14.1 Command was expanded to include tunnel interface. 
Release 17.1 Command expanded to include ATM interface. 


Usage Examples 


The following example specifies that the ethernet 0/1 should be the source for all SNMP traps and get/set 
requests: 


(config)#snmp-server source-interface ethernet 0/1 
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snmp-server user 


Use the snmp-server user command to configure Simple Network Management Protocol (SNMP) users to 
control access to SNMP information. Use the no form of this command to remove a user from the specified 
SNMP group. Variations of this command include: 


snmp-server user <username> <groupname> v1 
snmp-server user <username> <groupname> v1 access <listname> 
snmp-server user <username> <groupname> v2c 
snmp-server user <username> <groupname> v2c access <listname> 
snmp-server user <username> <groupname> v3 
snmp-server user <username> <groupname> remote <host> v3 
snmp-server user <username> <groupname> v3 access <listname> 
snmp-server user <username> <groupname> remote <host> v3 access </istname> 
snmp-server user <username> <groupname> v3 auth md5 <password> 
snmp-server user <username> <groupname> remote <host> v3 auth md5 <password> 
snmp-server user <username> <groupname> v3 auth md5 <password> access <listname> 
snmp-server user <username> <groupname> remote <host> v3 auth md5 <password> 
access </istname> 
snmp-server user <username> <groupname> v3 auth md5 <password> priv des <password> 
snmp-server user <username> <groupname> remote <host> v3 auth md5 <password> 
priv des <password> 
snmp-server user <username> <groupname> v3 auth md5 <password> priv des <password> 
access </istname> 
snmp-server user <username> <groupname> remote <host> v3 auth md5 <password> 
priv des <password> access <listname> 
snmp-server user <username> <groupname> v3 auth sha <password> 
snmp-server user <username> <groupname> remote <host> v3 auth sha <password> 
snmp-server user <username> <groupname> v3 auth sha <password> access <listname> 
snmp-server user <username> <groupname> remote <host> v3 auth sha <password> 
access </istname> 
snmp-server user <username> <groupname> v3 auth sha <password> priv des <password> 
snmp-server user <username> <groupname> remote <host> v3 auth sha <password> 
priv des <password> 
snmp-server user <username> <groupname> v3 auth sha <password> priv des <password> 
access </istname> 
snmp-server user <username> <groupname> remote <host> v3 auth sha <password> 
priv des <password> access <listname> 





If service password-encryption is enabled, the running configuration changes to include 
‘ore the keyword encrypted before each password entry, which is masked. Refer to service 
password-encryption on page 907. 
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Syntax Description 





access </istname> 
<groupname> 
<username> 

v1 

v2c 

v3 


remote <host> 


encrypted 


<password> 


Specifies an access control list (ACL) entry. 
Specifies the name of the group the user belongs to. 
Specifies the name of the user. 

Uses SNMP version 1 security model. 

Uses SNMP version 2c security model. 

Uses SNMP version 3 (user-based security model). 
Options if version 3 is used: 


auth Indicates that authentication is used. 

des Use the CBC-DES privacy authentication algorithm. 
md5 Uses the HMAC-MD5-96 authentication level. 

priv Indicates that privacy authentication is used. 


remote <host> Optional. Identifies the host name or IP address of a 


remote SNMP entity to which the user belongs. 
Uses the HMAC-SHA-96 authentication level. 


A password string used to build the key for the 
authentication level. 


sha 
auth-password 


priv-password A password string used for data encryption between 
the host and agent. 

Identifies a remote SNMP entity by host IP address. The remote host is 
necessary for acknowledgement of SNMP version 3 notifications. 
Indicates service password encryption is enabled. Precedes the encrypted 
password. 


Indicates a password entry. 





It is necessary to configure the SNMP engine ID before configuration of the remote users 
for a particular agent can be completed. Refer to the command snmp-server engineID 
remote <ip address> <string> on page 914 for instructions in setting the engine ID with 
the remote option. 


as 





Default Values 





No default is necessary with this command. 


Command History 





Release 13.1 
Release 14.1 


Command was introduced. 
Command was expanded to include remote <host>. 
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Usage Examples 





The following example enters a new user named BobbyW and assigns the user to a group called 
securityV3auth using version 3 security model and authentication method MD5 with a password of 
passWORD6243 and no ACL to verify: 


(config)#snmp_ server user BobbyW securityV3auth v3 auth md5 passWORD6243 


Technology Review 





SNMP server users are configured and attached to a specified group with an SNMP version. The SNMP 
version defines the security model of the group, with SNMP version 1 (SNMP v1) being the least secure 
and SNMP version 3 (SNMP v3) the most secure. Groups also define the read, write, notify, and view 
access for each user that resides in the group. 


Trap notifications in SNMP v1 and SNMP version 2 (SNMP v2) are sent once and do not require an 
acknowledgement upon receipt. With SNMP v3, a new form of notification type was introduced, called an 
inform. Unlike a trap sent with SNMP v1/v2, an inform requires a response be sent to the originating entity. 
If the originator of the inform notification does not receive the response before a specified timeout, the 
originator can resend until an acknowledgement response is received or a specified retry is reached. 
Sending informs require that the originator of the inform know the user, engine ID, security parameters, 
and belong to a group that grants access to the information. 


SNMP v3 uses services such as authentication, privacy, and access control to provide a higher level of 
security not present with v1 or v2. Of these new services, identifying an SNMP server user on a remote 
entity is necessary to receive and originate notifications, and also to generate and respond to commands. 


Remote users are specified with an IP address or port number for the remote SNMP entity where the user 
resides. Configuration of the SNMP engine ID must occur prior to configuring remote SNMP server users. 
This is accomplished through use of the snmp-server enginelD remote command. The remote entity's 
SNMP engine ID is used for password authentication and privacy digests. The configuration command will 
fail if the remote engine ID is not configured first. A management device must know about the user, the 
engine ID of the device, and security parameters such as authentication, passwords, and security level in 
order for the command to be processed by the receiving agent. 
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snmp-server view <name> <value> 


Use the snmp-server view command to create or modify a Simple Network Management Protocol 
(SNMP) view entry. Use the no form of this command to remove an entry. Variations of this command 
include: 


snmp-server view <name> <value> excluded 
snmp-server view <name> <value> included 


Syntax Description 





<name> Specifies a label for the view record being created. The name is a record 
reference. 
<value> Specifies the object identifier (OID) to include or exclude from the view. To 


identify the subtree, specify a string using numbers, such as 1.4.2.6.8. 
Replace a single subidentifier with the asterisk (*) to specify a subtree 


family. 
excluded Specifies a view to be excluded. 
included Specifies a view to be included. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The snmp-server view command can include or exclude a group of OIDs. The following example shows 
how to create a view (named blockinterfaces) to exclude the OID subtree family 1.3.3.1.2.1.2: 


(config)#snmp-server view blockinterfaces 1.3.3.1.2.1.2.* excluded 


The following example shows how to create a view (named block) to include a specific OID: 


(config)#snmp-server view block 1.3.3.1.2.1.2. included 
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sntp retry-timeout <value> 


Use the sntp retry-timeout command to set the amount of time to wait for a response before allowing a 
new request. Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies time (in seconds) to wait for a response before retrying. The range 
is from 3 to 4,294,967,294 seconds. 


Default Values 





By default, the retry timeout is set to 5 seconds. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example sets the SNTP retry timeout to 10 seconds: 


(config)#sntp retry-timeout 10 
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sntp server version 


Use the sntp server command to set the host name of the SNTP server, as well as the version of SNTP to 
use. The Simple Network Time Protocol (SNTP) is an abbreviated version of the Network Time Protocol 
(NTP). SNTP is used to set the time of the AOS product over a network. The SNTP server usually serves 
the time to many devices within a network. Use the no form of this command to return to the default 
setting. Variations of this command include: 


sntp server <hostname> 
sntp server <ip address> 
sntp server version <number> 


Syntax Description 


<hostname> Specifies the host name of the SNTP server. 


<ijpp address> Specifies the IP address of the SNTP server. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


version <number> Optional. Specifies which NTP version is used. Valid range is 1 to 3. 


Default Values 


By default, NTP version is set to 1. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 


The following example sets the SNTP server to time.nist.gov using SNTP version 1 (the default version): 


(config)#sntp server time.nist.gov 


The following example sets the SNTP server as time.nist.gov. All requests for time use version 2 of the 
SNTP: 


(config)#sntp server time.nist.gov version 2 
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sntp wait-time <value> 


Use the sntp wait-time command to set the time between updates from the time server. Use the no form of 
this command to return to the default setting. 


Syntax Description 


<value> Specifies time (in seconds) between updates. Range is 10 to 4,294,967,294 
seconds. 


Default Values 





By default, the wait time is set to 86,400 seconds (1 day). 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example sets the SNTP wait time to two days: 


(config)#sntp wait-time 172800 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 929 


Command Reference Guide Global Configuration Mode Command Set 





spanning-tree edgeport bpdufilter default 


Use the spanning-tree edgeport bpdufilter default command to enable the BPDU filter on all ports by 
default. Use the no form of this command to disable the setting. 


Syntax Description 


No subcommanads. 


Default Values 





By default, spanning-tree edgeport bpdufilter default is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The BPDU filter blocks any BPDUs from being transmitted and received on an interface. This can be 
overridden on an individual port. 


Usage Examples 





The following example enables the bpdufilter on all ports by default: 

(config)#spanning-tree edgeport bpdufilter default 

To disable the BPDU filter on a specific interface, issue the appropriate commands for the given interface 
using the following commands as an example: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#spanning-tree edgeport bpdufilter disable 
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spanning-tree edgeport bpduguard default 


Use the spanning-tree edgeport bpduguard default command to enable the BPDU guard on all ports by 
default. Use the no form of this command to disable the setting. 


Syntax Description 


No subcommanads. 


Default Values 
Disabled by default. 





Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The bpduguard blocks any BPDUs from being received on an interface. This can be overridden on an 
individual port. 


Usage Examples 





The following example enables the BPDU guard on all ports by default. 

(config)#spanning-tree edgeport bpduguard default 

To disable the BPDU guard on a specific interface, issue the appropriate commands for the given interface 
using the following commands as an example: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#spanning-tree edgeport bpduguard disable 
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spanning-tree edgeport default 


Use the spanning-tree edgeport default command to configure all ports to be edgeports by default. Use 
the no form of this command to disable the setting. 


Syntax Description 


No subcommanas. 


Default Values 
Disabled by default. 





Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example configures all interfaces running spanning tree to be edgeports by default: 


(config)#spanning-tree edgeport default 


An individual interface can be configured to not be considered an edgeport. For example: 
(config)#interface ethernet 0/1 

(config-eth 0/1)#spanning-tree edgeport disable 

or 


(config)#interface ethernet 0/1 
(config-eth 0/1)#no spanning-tree edgeport 
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spanning-tree forward-time <value> 


Use the spanning-tree forward-time command to specify the delay interval (in seconds) when forwarding 
spanning-tree packets. Use the no form of this command to return to the default interval. 


Syntax Description 


<value> Specifies the forwarding delay interval in seconds. Range is 4 to 
30 seconds. 


Default Values 





By default, the forwarding delay is set to 15 seconds. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the forwarding time to 18 seconds: 


(config)#spanning-tree forward-time 18 
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spanning-tree hello-time <va/ue> 


Use the spanning-tree hello-time command to specify the delay interval (in seconds) between hello 
bridge protocol data units (BPDUs). To return to the default interval, use the no form of this command. 


Syntax Description 


<value> Specifies the delay interval (in seconds) between hello BPDUs. Range is 
0 to 1,000,000 seconds. 


Default Values 





By default, the delay is set to 2 seconds. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example configures a spanning-tree hello-time interval of 10,000 seconds: 


(config)#spanning-tree hello-time 10000 
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spanning-tree max-age <value> 


Use the spanning-tree max-age command to specify the interval (in seconds) the spanning tree will wait 
to receive bridge protocol data units (BPDUs) from the root bridge before assuming the network has 
changed (thus re-evaluating the spanning-tree topology). Use the no form of this command to return to the 
default interval. 


Syntax Description 





<value> Specifies the wait interval (in seconds) between received BPDUs (from the 
root bridge). Range is 6 to 40 seconds. 


Default Values 





By default, the wait interval is set at 20 seconds. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 
The following example configures a wait interval of 45 seconds: 


(config)#spanning-tree max-age 45 
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spanning-tree mode 


Use the spanning-tree mode command to choose a spanning-tree mode of operation. Use the no form of 


this command to return to the default setting. Variations of this command include: 


spanning-tree mode rstp 
spanning-tree mode stp 


Syntax Description 





rstp Enables rapid spanning-tree protocol. 
stp Enables spanning-tree protocol. 


Default Values 





By default, spanning-tree mode is set to rstp. 


Command History 


Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the spanning-tree mode to rapid spanning-tree protocol: 


(config)#spanning-tree mode rstp 
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spanning-tree pathcost method 


Use the spanning-tree pathcost method command to select a short or long pathcost method used by the 
spanning-tree protocol. Use the no form of this command to return to the default setting. Variations of this 
command include: 


spanning-tree pathcost method long 
spanning-tree pathcost method short 


Syntax Description 





long Specifies a long pathcost method. 
short Specifies a short pathcost method. 


Default Values 





By default, spanning-tree pathcost is set to short. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example specifies that the spanning-tree protocol use a long pathcost method: 


(config)#spanning-tree pathcost method long 
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spanning-tree priority <va/ue> 
Use the spanning-tree priority command to set the priority for spanning-tree interfaces. The lower the 


priority value, the higher the likelihood the configured spanning-tree interface will be the root for the 
bridge group. To return to the default bridge priority value, use the no version of this command. 


Syntax Description 





<value> Sets a priority value for the bridge interface. Configuring this value to a low 
number increases the interface’s chance of being the root. Therefore, the 
maximum priority level would be 0. Range is 0 to 65,535. 


Default Values 





By default, the priority level is set to 32,768. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 
The following example sets spanning-tree priority to the maximum level: 


(config)#spanning-tree priority 0 
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stack 


Use the stack command to configure switch-stacking options. Use the no form of these commands to 
disable these features. Variations of this command include: 


stack master 

stack master <vian id> 

stack master <vian id> <ip address> <subnet mask> 
stack member <mac address> 

stack member <mac address> <unit id> 

stack vlan <vian id> 


Syntax Description 





master Specifies that the unit will be the master of the stack. 
<vian id> Specifies the VLAN ID the stack will use for communication. 
<ijpp address> Configures the network mask of the private IP network. IP addresses 


should be expressed in dotted decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


member Adds a switch to the stack. 


<mac address> Specifies a valid 48-bit MAC address of the unit being added. MAC 
addresses should be expressed in following format xx:xx:xx:XXx:XXx:xx (for 
example, 00:A0:C8:00:00:01). 


<unit id> Specifies the unit ID of the switch being added. 
vlan <vian id> Specifies the VLAN ID of the stack of which you are a member. 


Default Values 
By default, stack VLAN is 2386, and the stack IP network is 169.254.0.0/24. 





Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example configures the unit to be the stack master and use the default stack VLAN and IP 
network. 


(config)#stack master 2000 


The following example configures the unit to be the stack master and use VLAN 2000 as the management 
VLAN and 192.168.1.0/24 as the management network. 


(config)#stack master 2000 192.168.1.0 255.255.255.0 
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The following example adds the switch with the CPU MAC address 00:A0:C8:00:8C:20 to the stack; also 
assigns the number 2 as the new stack member's unit ID. 


(config)#stack member 00:A0:C8:00:8C:20 2 
The following example specifies that this unit is in the stack using VLAN 2000 as its management VLAN; 
also specifies that this unit is in stack member mode (not a stack-master). 


(config)#stack vlan 2000 
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tacacs-server 


Use the tacacs-server command to customize settings for communication with TACACS servers. Use the 
no form of this command to return to the default settings. Variations of this command include the 
following: 


tacacs-server host [<hostname> | <ip address>] 

tacacs-server host [<hostname> | <ip address>] key <key> 
tacacs-server host [<hostname> | <ip address>] port <tcp port> 
tacacs-server host [<hostname> | <ip address>] timeout <value> 
tacacs-server key <key> 

tacacs-server packet maxsize <value> 

tacacs-server timeout <value> 


Syntax Description 





host [<hostname> | <ip address>] Specifies the IP host by name or IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


key <key> Sets an encryption network access server (NAS) and the TACACS+ 
daemon. Setting a key for a particular server (using the 
tacacs-server host [<hostname> | <ip address>] key <key> 
command) supersedes keys set globally using the tacacs-server 
key <key> command. 


port <tcp port> Specifies the TCP port number to be used when connecting to the 
TACACS+ daemon. Range is 1 to 65,535. 

packet maxsize <value> Specifies a maximum packet size for this server. Range is 10,240 to 
65,535. 

timeout <value> Specifies a timeout limit (in seconds) that the unit will wait for a 


response from the daemon before declaring an error. Range is 1 to 
1000 seconds. Setting a timeout for a particular server (using the 
tacacs-server host [<hostname> | <ip address>] timeout <value> 
command) supersedes time limits set globally using the 
tacacs-server timeout <va/ue> command. 


Default Values 





By default, the key is set to key and the default TCP port number is 49. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets a timeout limit of 60 seconds for the specified server: 


(config)#tacacs-server host 10.5.6.7 timeout 60 
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telnet 


Use the telnet command to open a Telnet session (through AOS) to another system on the network. 
Variations of this command include the following: 


telnet </p address | hostname> 

telnet <ip address | hostname> port <tcp port> 

telnet vrf <name> <ip address | hostname> 

telnet vrf <name> <ip address | hostname> port <tcp port> 


Syntax Description 





<ijpp address | hostname> Specifies the IP address or host name of the remote system. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 

port <tcp port> Optional. Specifies the TCP port number to be used when connecting to a 
host through Telnet. Range is 1 to 65,535. 

vrf <name> Optional. Specifies the VRF where the IP address or host name exists. 


Default Values 


No default value is necessary for this command. 


Command History 





Release 1.1 Command was introduced. 
Release 14.1 Command was expanded to specify port number. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the 
abovementioned commands without specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example opens a Telnet session with a remote system (10.200.4.15): 


>enable 

#telnet 10.200.4.15 
User Access Login: 
Password: 
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The following example opens a Telnet session with a remote system (10.200.4.15) on port 8010: 


>enable 

#telnet 10.200.4.15 port 8010 
User Access Login: 

Password: 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 943 


Command Reference Guide Global Configuration Mode Command Set 





thresholds 


Use the thresholds command to specify DS1 performance counter thresholds. Use the no form of this 
command to return to default settings. Variations of this command include: 


thresholds BES [15Min | 24Hr] <number> 
thresholds CSS [15Min | 24Hr] <number> 
thresholds DM [15Min | 24Hr] <number> 
thresholds ES [15Min | 24Hr] <number> 
thresholds LCV [15Min | 24Hr] <number> 
thresholds LES [15Min | 24Hr] <number> 
thresholds PCV [15Min | 24Hr] <number> 
thresholds SEFS [15Min | 24Hr] <number> 
thresholds SES [15Min | 24Hr] <number> 
thresholds UAS [15Min | 24Hr] <number> 


‘ore Threshold settings are applied to ALL DS1s. 





Syntax Description 





BES Specifies the bursty errored seconds threshold. 

cSs Specifies the controlled slip seconds threshold. 

DM Specifies the degraded minutes threshold. 

ES Specifies the errored seconds threshold. 

LCV Specifies the line code violations threshold. 

LES Specifies the line errored seconds threshold. 

PCV Specifies the path coding violations threshold. 

SEFS Specifies the severely errored framing seconds threshold. 

SES Specifies the severely errored seconds threshold. 

UAS Specifies the unavailable seconds threshold. 

15Min Specifies that the threshold you are setting is for the counter’s 15-minute 
statistics. 

24Hr Specifies that the threshold you are setting is for the counter’s 24-hour 
statistics. 

<number> Specifies the maximum occurrences allowed for this error type. Once a 


threshold is exceeded, an event is sent to the console specifying the 
appropriate counter. Additionally, if SNMP traps are enabled, the unit will 
send a trap with the same information as the console event. 
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Default Values 





The default values for this command are as follows: 


thresholds BES 15Min 10 
thresholds BES 24Hr 100 
thresholds CSS 15Min 1 
thresholds CSS 24Hr 4 
thresholds DM 15Min 1 
thresholds DM 24Hr 4 
thresholds ES 15Min 65 
thresholds ES 24Hr 648 
thresholds LCV 15Min 13340 
thresholds LCV 24Hr 133400 
thresholds LES 15Min 65 
thresholds LES 24Hr 648 
thresholds PCV 15Min 72 
thresholds PCV 24Hr 691 
thresholds SEFS 15Min 2 
thresholds SEFS 24Hr 17 
thresholds SES 15Min 10 
thresholds SES 24Hr 100 
thresholds UAS 15Min 10 
thresholds UAS 24Hr 10 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example sets the threshold for the 15-minute and 24-hour bursty errored seconds counter to 


25 and 200, respectively: 


(config)#thresholds BES 15Min 25 
(config)#thresholds BES 24Hr 200 
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timing-source 


Use the timing-source command to configure the timing source used for reference timing. Use the no 
form of this command to return to default settings. Variations of this command include the following: 


timing-source internal 

timing-source internal secondary 
timing-source t1 </nterface id> 
timing-source t1 </nterface id> secondary 


Syntax Description 





internal Configures the unit to provide timing using the internal 1.544 MHz clock 
generator. 

t1 <interface id> Configures the unit to recover clocking from the specified T1 or DSX-1 
interface. 

secondary Optional. Signifies that the clock source specified in the command is to be 


the secondary clock source. 


Default Values 





By default, the primary clock source is set to internal. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 


If both the primary and secondary clock sources fail, the unit automatically switches to internal timing. 


Usage Examples 





The following example configures the unit to use an internal timing source: 

(config)#timing-source internal 

The following examples set the t1 0/1 interface as the primary timing source and the t1 0/2 interface as the 
secondary timing source: 


(config)#timing-source t1 0/1 
(config)#timing-source t1 0/2 secondary 
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track <name> 


Use the track commands to create a track as part of network monitoring. This command is also used to 
enter into the Network Monitoring Track command set once a track is created. These additional commands 
are covered in Network Monitor Track Configuration Command Set on page 2185. Use the no form of this 
command to delete the track. 


Syntax Description 





<name> Specifies the name of the track being created. 


Default Values 





By default, there are no tracks configured. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





Track objects can be associated with probes to monitor their states. Upon a change in the probe state, the 
probe sends an event to any track registered with the probe. In response, the track performs the action 
indicated. 


Track objects are associated with probes by using the commands test if on page 2189 and test list on page 
2193. 


Usage Examples 





The following example creates an track called track_a: 


>enable 

#configure terminal 
(config)#track track_a 
(config-track-track_a)# 


Technology Review 





Tracks are objects created to monitor other objects for a change in their state. The tracks can be 
configured to perform a specific action based upon the second object state detected. Association between 
a track and another object (for example, a probe, schedule, or interface) occurs through referencing the 
second object in the track’s configuration. Once the track is registered with the second object, whenever a 
change occurs with that object’s state, an event is sent to the track. 


Additional configuration commands are available for creating probes. These are explained in the Network 
Monitor Probe Configuration Command Set on page 2150. 
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username <username> password <password> 
Use the username password command to configure the username and password to use for all protocols 


requiring a user name-based authentication system, including FTP server authentication, line (login 
local-user list), and HTTP access. Use the no form of this command to remove a user name and password. 


Syntax Description 





<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case sensitive). 


<password> Specifies a password using an alphanumerical string up to 30 characters in 
length (the password is case sensitive). 


Default Values 





By default, there is no established user name and password. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





All users defined using the username/password command are valid for access to the unit using the login 
local-userlist command. 


Usage Examples 





The following example creates a user name of ADTRAN with password ADTRAN: 
(config)#username ADTRAN password ADTRAN 
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username <username> portal-list <name> password <password> 
Use the username portal-list password command to associate a portal list with an user name. Use the 


portal-list command (on page 877) to define the portal list. Use the no form of this command to remove 
the portal list. 


Syntax Description 





<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case sensitive). 

<name> Specifies the name of the portal list assigned to this user. 

password <password> Specifies the use of a password using an alphanumerical string up to 


30 characters in length (the password is case sensitive). 


Default Values 





By default, no portal lists are assigned to user names. 


Command History 





Release 17.1 Command was introduced. 
Release A1 Command was expanded to include password parameter. 


Usage Examples 


The following example associates the portal list engineers with the user name ADTRAN and the 
password word: 


(config)#username ADTRAN portal-list engineers password word 
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vian <vian id> 


Use the vlan command to enter the VLAN Configuration mode. Use the no form of this command to 
remove a VLAN ID. Refer to the section VLAN Configuration Command Set on page 1912 for more 
information. 


Syntax Description 
<vian id> Specifies a valid VLAN ID. Range is 1 to 4094. 





Default Values 





No default values are necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example enters the VLAN configuration mode for VLAN 1: 


(config)#vlan 1 
(config-vlan 1)# 
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voice alias <name> equals <number> 
Use the voice alias equals command to configure the name and number for the call routing alias. This 


feature allows a single call destination to be reached by an alternate name and number. Use the no form of 
the command to disable this feature. 


Syntax Description 





<name> Specifies the alias name to describe the call destination. 
<number> Assigns the alias number to mask the original number. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example activates the Lobby voice alias at extension 4100: 


(config)#voice alias Lobby equals 4100 
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voice autoattendant 


Use the voice autoattendant command to configure the auto-attendant options for the system. Use the no 
form of the commands to disable the settings. For more voice auto-attendant options, refer to voice 
call-appearance-mode on page 953. Variations of this command include the following: 


voice autoattendant <name> 

voice autoattendant <name> extension <number> 
voice autoattendant alias <name> 

voice autoattendant did <number> 

voice autoattendant extension <number> 


Syntax Description 





<name> Specifies a name for this auto-attendant. 

alias <name> Specifies an alias name to use as an alternate when accessing the 
auto-attendant. 

did <number> Configures the direct inward dial number to assign to the auto-attendant. 

extension <number> Specifies the extension for auto-attendant system login access. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example configures the aOperator as an alias for the auto-attendant: 


(config)#voice autoattendant alias aOperator 
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voice call-appearance-mode 


Use the voice call-appearance-mode command to configure the unit to allow single or multiple call 
appearances to user account phones. Use the no form of the command to return to the default settings. 
Variations of this command include: 


voice call-appearance-mode multiple 
voice call-appearance-mode single 


Syntax Description 





multiple Allows multiple call appearances. For analog phones, this will be limited to 
two; for SIP phones the number allowed depends on the model of phone. 


single Allows only a single call appearance. 


Default Values 





By default, this is set to single. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Each incoming call is classified as a call appearance. For example, call waiting supports two call 
appearances simultaneously. Without call waiting, only one call appearance is supported at a time. 


Usage Examples 





The following example sets the unit to allow multiple call appearances: 


(config)#voice call-appearance-mode multiple 
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voice callerid-type <method> 
Use the voice callerid-type command to specify the caller ID method for this system. Select the caller ID 


type that is required by your telecommunications provider. Use the no form of this command to disable the 
settings. 


Syntax Description 





<method> Specifies the type of caller ID to use with the system. The available options 
are: 


¢ Belgium_FSK 

* Canada_Stentor 
- Denmark_DTMF 
¢ Finland_DTMF 
¢ Italy_FSK 

- Netherlands _DTMF 
- Norway_FSK 

¢ Sweden_DTMF 
¢ UK_BT 

- UK_CCA 

« US Bellcore 


Default Values 





By default, the caller ID type is set to US_ Bellcore. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example specifies using the Italian method for the caller ID type: 


(config)#voice callerid-type ltaly_FSK 
(config)# 
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voice cause-code-map 


Use the voice cause-code-map command to configure the cause code and SIP message numbers for the 
PRI. Cause codes and SIP message numbers are associated with a particular connection failure, and 
notifies the system when problems occur. Use the no form of this command to return to the default 
settings. Variations of this command include: 


voice cause-code-map from-pri <va/ue> <value> 
voice cause-code-map to-pri <value> <value> 


Syntax Description 





from-pri <value> <value> Enter the cause code number to map to the SIP message. The valid range 
is 1 to 127. Next, enter the SIP message number to be used. The valid 
range is 400 to 606 


to-pri <value> <value> Enter the SIP message number to map to the PRI cause code map. The 
valid range is 400 to 606. The second <va/ue> is the PRI cause code 
number. The valid range is 1 to 127. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example sets the cause code number to 28 to associate with SIP messages: 


(config)#voice cause-code-map from-pri 28 
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voice class-of-service <set name> 
Use the voice class-of-service command to create a voice class of service (CoS) rule set and to enter the 


Voice Class of Service command set. These additional commands are covered in Voice CoS Command Set 
on page 2256. Use the no form of this command to delete a configured class of service rule set. 


Syntax Description 





<set name> Specifies the name of the class of service rule set. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example creates a new class of service rule set called set1: 


(config)#voice class-of-service set1 
Configuring New Level “set1”. 
(config-cos-set1 )# 
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voice codec-country <name> 
Use the voice codec-country command to assign a country setting for the POTS (analog) CODECs. Refer 


to Voice CODEC List Configuration Command Set on page 2252 for details that set the appropriate ring 
cadences and ringback tones. Use the no form of this command to delete a configured country setting. 


Syntax Description 





<name> Specifies the CODEC country name. The available options are Canada, 
Puerto_Rico, and United_ States. 


Default Values 
By default, the CODEC country setting is United_States. 





Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example assigns Canada as the CODEC country: 


(config)#voice codec-country Canada 
(config)# 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 957 


Command Reference Guide Global Configuration Mode Command Set 





voice codec-list <name> 
Use the voice codec-list command to create a named CODEC list for call negotiation and to enter the 


CODEC List command set. Refer to Voice CODEC List Configuration Command Set on page 2252 for 
details. Use the no form of this command to delete a configured CODEC list. 


Syntax Description 





<name> Specifies the CODEC list name. 


Default Values 





By default, there are no configured voice CODEC lists. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example creates a new CODEC list named trunk: 


(config)#voice codec-list Trunk 
Configuring New Codec List “Trunk”. 
(config-codec)# 
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voice codec-priority 


Use the voice codec-priority command to specify which CODEC list (trunk or user) to set as the priority 
list. Use the no form of this command to disable the settings. Variations of this command include: 


voice codec-priority trunk 
voice codec-priority user 


Syntax Description 





trunk Specifies using the trunk’s CODEC list as the priority CODEC list. 
user Specifies using the user’s CODEC list as the priority CODEC list. 


Default Values 





No default values are necessary for this command. 


Command History 


Release 9.3 Command was introduced. 


Usage Examples 





The following example specifies using the trunk’s CODEC list as the priority CODEC list: 


(config)#voice codec-priority trunk 
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voice codec-subcountry <val/ue> 
Use the voice codec-subcountry command to assign a CODEC list for call negotiation and to enter the 


Voice CODEC List Configuration mode. Refer to Voice CODEC List Configuration Command Set on page 
2252 for details. Use the no form of this command to delete a configured CODEC list. 


Syntax Description 





<value> Specifies the CODEC country setting. The range is 0 to 65,535. 


Default Values 





By default, the codec-subcountry is set to 0. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example assigns the subcountry code: 


(config)#voice codec-subcountry 6606 
Warning: You must save the config and reboot the system for this setting to take effect. 
(config)# 
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voice compand-type 


Use the voice compand-type command to set the companding type to match your telecommunications 
provider. Use the no form of this command to return to the default setting. Variations of this command 
include: 


voice compand-type a-law 
voice compand-type u-law 


Syntax Description 





a-law Specifies the a-law compand type. This compand type is mainly used in 
European telephone networks for the conversion between analog and 
digital signals in PCM applications, and is similar to the North American 
mu-law standard. 


u-law Specifies the u-law compand type. This compand type is also known as 
mu-law, and is the PCM quasi-logarithmic curve. It is the 64 kbps standard 
North America voice amplitude sample used for encoding and decoding. 


Default Values 





By default, the companding type is set to u-law. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example configures the companding type to a-law: 


(config)#voice compand-type a-law 
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voice conferencing-mode 


Use the voice conferencing-mode command to determine if voice conferencing bridging will be handled 
within the unit or from a far-end conferencing server. Use the no form of this command to return to the 
default setting. Variations of this command include: 


voice conferencing-mode local 
voice conferencing-mode network 


Syntax Description 





local Specifies voice conferencing will be handled within the unit. 
network Specifies voice conferencing will be handled by a far-end conferencing 
server. 


Default Values 





By default, the voice conferencing mode is set to network. 


Command History 





Release A1 Command was introduced. 


Functional Notes 





The voice conferencing mode is only valid when the flashhook mode is set to interpreted. Refer to the 
voice flashook mode command on page 97/ for more information. 


Usage Examples 





The following example sets the conferencing mode to handle conference bridging within the local unit: 


(config)#voice conferencing-mode local 
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voice country-code <number> 


Use the voice country-code command to enter the country code for this location. The country code is used 
to determine if an incoming call is international. If a call originates from the SIP WAN and it matches the 
voice country-code number, the call is not international and the country code is stripped before passing 
the call to the customer premises equipment (CPE). Use the no form of this command to delete the country 
code. 


Syntax Description 





<number> Specifies the country code of this location (three digit maximum). 


Default Values 





No default value is necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 


The following example specifies a voice country-code of 203: 


(config)#voice country-code 203 
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voice coverage <name> 
Use the voice coverage command to create and modify a global call coverage list to be used to control call 


routing when a user’s phone is not answered. Use the no form of this command to remove a call coverage 
list. 


Syntax Description 





<name> Specifies a name for the call coverage list. 


Default Values 





No default values necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example specifies that the call coverage list named absent be used for global call coverage: 


(config)#voice coverage absent 
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voice current-mode 


Use the voice current-mode command to activate a particular system mode on the unit. Variations of this 
command include: 


voice current-mode custom1 
voice current-mode custom2 
voice current-mode custom3 
voice current-mode default 
voice current-mode lunch 
voice current-mode night 
voice current-mode override 
voice current-mode weekend 


Syntax Description 





[custom1-custom3] Specifies the custom system mode to use. 
default Specifies using the default system mode. 
lunch Specifies using the lunch time system mode. 
night Specifies using the night time system mode. 
override Specifies using the override system mode. 
weekend Specifies using the weekend system mode. 


Default Values 





By default, the system mode is set to default. 


Command History 





Release A1 Command was introduced. 


Functional Notes 





This command is used to put the unit into a specific system mode. The unit remains in the activated system 
mode until it is changed manually or a schedule change occurs triggering a transition to another system 
mode. Schedules are configured using the command voice system-mode on page 996. 


If the system is in override, the unit will ignore any schedule that exists. The unit will stay in override until 
manually changed. This command is saved into the dynvoice-config file to preserve the state of the unit in 
case of power failure. 


Usage Examples 





The following example sets the current system mode to lunch: 


(config)#voice current-mode lunch 
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voice dial-plan 


Use the voice dial-plan command to add a global number complete pattern. Use the no form of this 
command to delete configured dial plans. Variations of this command include: 


voice dial-plan <pattern id> 900-number <pattern> 
voice dial-plan <pattern id> always-permitted <pattern> 
voice dial-plan <pattern id> extensions <pattern> 

voice dial-plan <pattern id> internal-operator <pattern> 
voice dial-plan <pattern id> international <pattern> 
voice dial-plan <pattern id> local <pattern> 

voice dial-plan <pattern id> long-distance <pattern> 
voice dial-plan <pattern id> operator-assisted <pattern> 
voice dial-plan <pattern id> specify-carrier <pattern> 
voice dial-plan <pattern id> toll-free <pattern> 

voice dial-plan <pattern id> [user1 | user 2 | user 3] <pattern> 


Syntax Description 





<pattern id> 
900-number 
always-permitted 
extensions 
internal-operator 
international 
local 
long-distance 
operator-assisted 
specify-carrier 
toll-free 

user1 

user2 

user3 

<pattern> 


Default Values 


Specifies dial pattern identification. Valid range is 1 to 255. 
Adds a pattern to the 900 number group. 
Adds a pattern to the always permitted group. 
Adds a pattern to the internal group. 

Adds a pattern to the internal operator group. 
Adds a pattern to the international group. 
Adds a pattern to the local group. 

Adds a pattern to the long distance group. 
Adds a pattern to the operator assisted group. 
Adds a pattern to the specify carrier group. 
Adds a pattern to the toll free group. 

Adds a pattern to the user 1 group. 

Adds a pattern to the user 2 group. 

Adds a pattern to the user 3 group. 


Specifies a dialing pattern. You can enter a complete phone number, or 
wildcards can be used to define the dialing pattern. Refer to Functional 
Notes of this command for more information on using wildcards. 





By default, no dial plans are configured. 


Command History 





Release 9.3 


Command was introduced. 
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Functional Notes 





The available wildcards for this command are: 


M = Any digit 1 to 8. 

X = Any single digit (0 to 9). 

N = Any digit 2 to 9. 

[abc] = Any digit contained in the bracketed list. 





numbers in the brackets. 


Wor Do not use dashes, commas, spaces, etc., inside the brackets. Commas are implied between 





The special characters ( ), -, + are always ignored. 


Examples: 1) 555-81xx matches 555-8100 to 555-8199. 
2) 555-81 2[012] matches 555-8120 to 555-8122. 
3) Nxx-xxxx matches 7 digit local. 
) 1-Nxx-Nxx-xxxx matches long distance calls in North America. 


Usage Examples 





The following example adds the pattern 8000 to the local group: 
(config)#voice dial-plan 1 local 8000 
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voice did <number> extension <exiension> 


Use the voice did extension command to add a direct inward dial (DID) number. Use the no form of this 
command to delete a configured translation. 


Syntax Description 


<number> Specifies the direct inward dial lookup number. 
<extension> Specifies the target account of the DID translation. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example directs DID number 5558123 to extension 8123: 
(config)#voice did 5558123 extension 8123 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 968 


Command Reference Guide Global Configuration Mode Command Set 





voice directory <name> 


Use the voice directory command to create or modify a voice directory and enter the Voice Directory 
Configuration mode. Use the no form of this command to delete a configured voice directory. Variations 
of this command include: 


voice directory <name> 


The following additional subcommands are available once you have entered the Voice Directory 
Configuration mode: 


directory-include <number> first-name <name> 
directory-include <number> first-name <name> last-name <name> 


Syntax Description 





<name> Specifies the name of the directory to create or modify. 


directory-include <number> Specifies the extension of the user to be added to the dial-by-name 
directory. Adding users to the directory allows them to call parties using a 
name stored in the system. Use the no form of this command to remove a 
user from the directory. 


first-name <name> Specifies the user’s first name. 
last-name <name> Optional. Specifies the user’s last name. 


Default Values 





By default, no voice directories are configured. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





Adding a voice directory is useful when taking advantage of the dial-by-name feature. By default, a system 
directory is always available. All voice users are automatically added as members of the system directory. 


Usage Examples 





The following example creates a new voice directory with name Engineering: 


(config)#voice directory Engineering 


The following example adds Jan Doe to the Engineering dial-by-name directory: 


(config)#voice directory Engineering 
(config-dir)#directory-include 5555 first-name Jan last-name Doe 
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voice feature-mode 


Use the voice feature-mode command to configure control of the voice features. Use the no form of this 
command to return to the default setting. Variations of this command include: 


voice feature-mode local 
voice feature-mode network 


Syntax Description 





local Allows voice features to be handled by the local unit. 
network Allows voice features to be handled by the network. 


Default Values 





By default, the voice feature mode is set to network. 


Command History 


Release 9.3 Command was introduced. 


Usage Examples 





The following example sets the control of the voice features to the local unit: 


(config)#voice feature-mode local 
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voice flashhook mode 


Use the voice flashhook mode command to determine if flashhook events will be interpreted locally or 
will be forwarded to the far end. Use the no form of this command to return to the default setting. 
Variations of this command include: 


voice flashhook mode interpreted 
voice flashhook mode transparent 


Syntax Description 





interpreted Allows the local unit to interpret flashhook events. 
transparent Specifies flashhook events to be transparent to the provider. 


Default Values 





By default, the voice flashhook mode is set to interpreted. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets the flashhook mode to allow the local unit to interpret flashhook events: 


(config)#voice flashhook mode interpreted 
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voice flashhook threshold <min time> <max time> 
Use the voice flashhook threshold command to configure the minimum and maximum time the switch 


hook must be held to be interpreted as a flash. Use the no form of this command to return to the default 
setting. 


Syntax Description 





<min time> Specifies minimum flashhook time in milliseconds. Valid range is from 
300 to 1000 milliseconds. 
<max time> Specifies maximum flashhook time in milliseconds. Valid range is from 


300 to 1000 milliseconds. 


Default Values 





By default, the flashhook threshold times are 300 milliseconds (minimum) and 1000 milliseconds 
(maximum). 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example configures the flashhook thresholds at a minimum of 400 to a maximum of 900: 


(config)#voice flashhook threshold 400 900 
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voice forward-mode 


Use the voice forward-mode command to control the forwarding mode of the unit. Use the no form of this 
command to return to the default settings. Variations of this command include: 


voice forward-mode local 
voice forward-mode network 


Syntax Description 





local Allows forwards to be handled locally by the unit. 
network Allows forwards to be handled by the network. 


Default Values 





By default, this command is set to network. 


Command History 


Release 16.1 Command was introduced. 


Usage Examples 





The following example configures the unit to handle forwards locally: 


(config)#voice forward-mode local 
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voice grouped-trunk <trunk id> 
Use the voice grouped-trunk command to create a grouped trunk and to enter the Grouped Trunk 


command set. Refer to Voice Trunk Group Command Set on page 2388 for details. Use the no form of this 
command to delete a configured grouped trunk. 


Syntax Description 





<trunk id> Specifies the name of the trunk group. 


Default Values 





By default, there are no configured grouped trunks. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example creates the trunk group trunk3: 


(config)#voice grouped-trunk trunk3 
(config-T RUNK3)# 
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voice hold-reminder 


Use the voice hold-reminder command to specify how long a call can be on hold before the hold reminder 
rings the phone again. Use the no form of this command to return to the default settings. Variations of this 
command include: 


voice hold-reminder <va/ue> 
voice hold-reminder <value> <interval> 


Syntax Description 





<value> Specifies how long a call can be on hold before the hold reminder rings the 
phone again. Range is 5 to 30 seconds. 


<interval> Optional. Specifies the interval at which all subsequent reminder rings will 
occur. Range is 10 to 120 seconds. 


Default Values 


The defaults for this command are a 10-second hold time before the first reminder ring with 30-second 
intervals between subsequent rings. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example sets the first reminder ring to occur after the call has been on hold for 20 seconds 
(with subsequent reminder rings occurring every 15 seconds until the call is picked up): 


(config)#voice hold-reminder 20 15 
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voice international-prefix 


Use the voice international-prefix command to configure the international prefix for this unit. Use the no 
form of this command to delete a configured prefix. Variations of this command include: 


voice international-prefix <prefix> 
voice international-prefix abbreviated 


Syntax Description 





abbreviated Specifies the international prefix be replaced with a plus symbol (+) in the 
SIP header. 
<prefix> Specifies the up to four digits for the prefix. 


Default Values 





By default, there is no configured international prefix. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example configures 011 as the international prefix: 


(config)#voice international-prefix 011 
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voice line <name> 


Use the voice line command to create (or modify) a voice line and enter voice line’s configuration mode. 
Use the no form of this command to delete a configured voice line. 


Syntax Description 


<name> Specifies the name or description of the voice line. 


Default Values 





By default, there are no configured voice lines. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example creates the voice line Public, and enters its voice line configuration mode: 


(config)#voice line Public 
Configuring New Line “Public”. 
(config-Public)# 
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voice loopback <number> 
Use the voice loopback command to configure the auto attendant options for the system. Use the no form 


of the commands to disable the settings. For more voice loopback account options, refer to Voice Loopback 
Account Config Command Set on page 2424. 


Syntax Description 





<number> Specifies the extension for the loopback account. 


Default Values 





No default values are necessary for this command. 


Command History 





Release A1 Command was introduced. 


Usage Examples 





The following example creates a loopback with extension (account) number 5555: 


(config)#voice loopback 5555 
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voice mail 


Use the voice mail command to configure voicemail options for the unit. Use the no form of this command 
to disable the settings. Refer to voice mail check on page 980 for additional arguments. Variations of this 
command include the following: 


voice mail alias <name> 

voice mail asterisk 

voice mail class-of-service <name> 
voice mail did <number> 

voice mail extension <extension> 

voice mail internal 

voice mail leave-extension <extension> 
voice mail max-login-attempts <number> 


Syntax Description 


alias <name> Specifies an alias name to use as an alternate when accessing 
voicemail. 

asterisk Enables voicemail on an external Asterisk server. 

class-of-service <name> Configures the voicemail class of services. 

did <number> Configures the direct inward dial number to assign to voicemail. 

internal Enables internal voicemail on the CompactFlash®. 

extension <extension> Specifies the extension users will dial to retrieve their voicemail. 

leave-extension <extension> Specifies the extension users will dial to leave a voicemail without 


ringing an extension. If a user forwards their phone to this extension, 
their calls will automatically forward to their voicemail box. 


max-login-attempts <number> Specifies the maximum number login attempts to voicemail accounts. 
Range is 0 to 9 attempts. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 12.1 Command was expanded. 


Usage Examples 





The following example specifies extension 7500 for voicemail retrieval: 


(config)#voice mail extension 7500 
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voice mail check 


Use the voice mail check command to configure user parameters for the voicemail check extension. Use 
the no form of this command to disable the settings. Variations of this command include the following: 


voice mail check alias <name> 

voice mail check sip-identity <station> <Txx> 

voice mail check sip-identity <station> <Txx> register 

voice mail check sip-identity <station> <Txx> register auth-name <username> password <password> 


Syntax Description 





alias <name> Specifies an alias name to use as an alternate when accessing the 
check extension. 

<station> Specifies the station to be used for SIP trunk (e.g., station extension). 

<Txx> Specifies the SIP trunk through which to register the server. The trunk 
is specified in the format Txx (e.g., T01). 

register Registers the user to the server. 


register auth-name <username> _ Sets the user name that will be required as authentication for 
registration to the SIP server. 


password <password> Sets the password that will be required as authentication for 
registration to the SIP server. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example configures the voice mail check sip-identity to use extension 6000 as its identity 
on trunk T04: 


(config)#voice mail check sip-identity 6000 T04 
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voice mail leave 


Use the voice mail leavecommand to configure user parameters for the voicemail leave extension. Use the 
no form of the command to disable the settings. Variations of this command include the following: 


voice mail leave alias <name> 

voice mail leave sip-identity <station> <Txx> 

voice mail leave sip-identity <station> <Txx> register 

voice mail leave sip-identity <station> <Txx> register auth-name <username> password <password> 


Syntax Description 





alias <name> Specifies an alias name to use as an alternate when accessing the 
check extension. 

<station> Specifies the station to be used for SIP trunk (e.g., station extension). 

<Txx> Specifies the SIP trunk through which to register the server. The trunk 


is specified in the format Txx (e.g., T01). 
register Registers the user to the server. 


register auth-name <username> ___ Sets the user name that will be required as authentication for 
registration to the SIP server. 


password <password> Sets the password that will be required as authentication for 
registration to the SIP server. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example configures the voice mail leave sip-identity to use extension 8000 as its identity 
on trunk T06: 


(config)#voice mail leave sip-identity 8000 T06 
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voice mail sip-identity 


Use the voice mail sip-identity command to configure SIP voicemail options for the unit. Use the no form 
of the command to disable the settings. Variations of this command include the following: 


voice mail sip-identity <sip /D> <sip trunk> 
voice mail sip-identity <sip /D> <sip trunk> register 
voice mail sip-identity <sip /D> <sip trunk> register auth-name <username> password <password> 


Syntax Description 





<sip ID> <sip trunk> Specifies a number to be used as the SIP ID (e.g., station extension) 
and the SIP trunk through which you will register to the server. 


register Registers the user to the server. 


register auth-name <username> __ Sets the user name that will be required as AUTHENTICATION for 
registration to the SIP server. 


password <password> Sets the password that will be required as authentication for 
registration to the SIP server. 


Default Values 





No default values are necessary for this command. 


Command History 


Release 11.1 Command was introduced. 
Release 12.1 Command was expanded. 


Usage Examples 





The following example specifies trunk TO2 and extension 5800 for voice mail sip-identity: 


(config)#voice mail sip-identity 5800 T02 
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voice mail um-server address 


Use the voice mail um-server address command to set the unified messaging (UM) IP address to the 
external PC-based server running the ADTRAN Java-based server application. Use the no form of this 
command to disable this feature. Variations of this command include: 


voice mail um-server address <address> 
voice mail um-server address <address> port <port> 


Syntax Description 





<address> Specifies an IP address for the UM server. 
port <port> Optional. Specifies the UDP port for UM server. 


Default Values 





By default, the voicemail UM IP address is not configured. By default, the UDP port is set to 18364. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the voicemail UM server IP address to 208.61.209.1: 


(config)#voice mail um-server address 208.61.209.1 
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voice num-rings <va/lue> 


Use the voice num-rings command to globally specify the number of times a station will ring before 
beginning the coverage path that attempts to deliver a call to an available party. This setting can be 
overridden on a per-user basis using the num-rings command in the Voice User command set. Refer to 
Voice User Configuration Command Set on page 2487 for more information. Use the no form of this 
command to return to the default settings. 


Syntax Description 





<value> Specifies the number of times a station can ring with no answer. Range is 
0 to 9. Setting to 0 allows unlimited rings. 


Default Values 





The default for this command is 0 (unlimited rings). 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets a limit on the number of times a station can ring: 


(config)#voice num-rings 8 
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voice operator-group 
Use the voice operator-group command to access the Voice Operator Group command mode. Refer to 


Voice Operator Group Command Set on page 2322 for more information. Use the no form of this 
command to disable the settings. 


Syntax Description 





No subcommanas. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example enters the Operator Group configuration mode: 


(config)#voice operator-group 
Configuring Operator Group. 
(config-operator-group)# 
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voice overhead-paging extension <number> 


Use the voice overhead-paging extension command to specify the extension used for overhead paging. 
Use the no form of this command to disable the settings. 


Syntax Description 


<number> Specifies the extension to use for overhead paging. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example configures extension 3000 to be used for overhead paging: 


(config)#voice overhead-paging extension 3000 
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voice park-return <value> 


Use the voice park-return command to configure the time until a parked call returns. Use the no form of 
this command to return to the default setting. 


Syntax Description 


<value> Specifies time in seconds until a call returns from park if not retrieved. Valid 
range is 15 to 360 seconds. 


Default Values 





By default, the voice park-return time is set to 60 seconds. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets the time a call returns from park to 30 seconds: 


(config)#voice park-return 30 
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voice prompt-language </anguage> 
Use the voice prompt-language command to specify the language to use for voice prompts (such as 


audios and voicemail menus) on the system. Use the no form of this command to disable the current 
language setting. 


Syntax Description 





<language> Specifies the language to use for voice prompts. The available choices are 
Dutch, English, French (Canadian), Italian, Latin American Spanish, and 
United Kingdom English. 


Default Values 





The default value for this command is English. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 


The following example specifies the voice prompt language as Italian: 


(config)#voice prompt-language Italian 
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voice ring-group <number> 
Use the voice ring-group command to create or modify ring group parameters. These additional 


commands are covered in Voice Ring Group Command Set on page 2337. Use the no form of this 
command to delete a configured ring group. 


Syntax Description 





<number> Specifies the ring group's four digit extension. 


Default Values 





By default, no ring groups are configured. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example creates a new ring group with extension 5678: 


(config)#voice ring-group 5678 
Configuring New Group “5678”. 
(config-5678)# 
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voice service-mode 


Use the voice service-mode command to add a service mode transition. Variations of this command 
include: 


voice service-mode day <day> <time> 
voice service-mode lunch <day> <time> 
voice service-mode night <day> <time> 
voice service-mode weekend <day> <time> 


Syntax Description 





day Specifies a transition to day mode. 

lunch Specifies a transition to lunch mode. 

night Specifies a transition to night mode. 

weekend Specifies a transition to weekend mode. 

<day> Specifies the day of week the transition occurs. 

<time> Specifies the time for transition to occur (24-hour format - HH:MM). 


Default Values 





By default, the voice service-mode is set to day. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets the voice service mode to day with a transition day of Monday and a transition 
time of 8:00 AM: 


(config)#voice service-mode day monday 08:00 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 990 


Command Reference Guide Global Configuration Mode Command Set 





voice speed-dial <unique id> <number> <name> 


Use the voice speed-dial command to create a list of IDs to be used as shortcuts to contact frequently 
called numbers. Use the no form of this command to return to the default settings. 


Syntax Description 


<unique id> The speed-dial number that will be used to contact the <number> specified. 
<number> Phone number associated with the speed-dial entry (digits only). 
<name> Description of this speed-dial entry. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets a speed-dial number of 8 for extension 9654: 


(config)#voice speed-dial 8 9654 3rdFloorLab 
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voice spre <pattern id> <pattern> 
Use the voice spre command to add a global special prefix (SPRE) complete pattern. This command 


allows users to enter a custom SPRE code. Use the no form of this command to delete a configured SPRE 
pattern. 


Syntax Description 





<pattern id> Specifies the SPRE pattern ID. Valid range is 1 to 255. 
<pattern> Specifies the SPRE pattern. Refer to Functional Notes below for more 
information. 


Default Values 





No default values are necessary for this command. 


Command History 


Release 9.3 Command was introduced. 


Functional Notes 





This command allows users to enter a SPRE code pattern. Patterns begin with * or #. If the pattern is 
followed by an &, then the dial plan number-complete templates are used to determine when the unit has 
enough digits to dial the number (for example, 67&). However, if a dial plan does not exist for a particular 
code that is needed, then a SPRE code may be entered followed by an independent dial plan 
number-complete template (for example, *67NXX-XXXX). The available wildcards for this command are: 


M = Any digit 1 to 8. 

X = Any single digit (0 to 9). 

N = Any digit 2 to 9. 

[abc] = Any digit contained in the bracketed list. 





Do not use dashes, commas, spaces, etc., inside the brackets. Commas are implied between 
numbers in the brackets. 


The special characters ( ), -, + are always ignored. 


555-81xx matches 555-8100 to 555-8199. 

555-81 2[012] matches 555-8120 to 555-8122. 

Nxx-xxxx matches 7 digit local. 

1-Nxx-Nxx-xxxx matches long distance calls in North America. 


Examples: 1 
2 
3 
4 


Usage Examples 





The following sets the complete pattern for SPRE 1: 
(config)#voice spre 1 *67NXX-XXXX 
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voice spre-mode 


Use the voice spre-mode command to control whether special prefix (SPRE) codes will be interpreted by 
the unit locally or forwarded to the network for interpretation. Use the no form of this command to return 
to the default settings. Variations of this command include: 


voice spre-mode local 
voice spre-mode network 


Syntax Description 





local Specifies that SPRE codes are interpreted locally by the unit. 
network Specifies the forwarding of SPRE codes to the network. 


Default Values 





By default, this command is set to forward SPRE codes to the network. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following examples configures the unit to interpret SPRE codes: 


(config)#voice spre-mode local 
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voice status-group expires 


Use the voice status-group expires command to add a status group subscription time for status group 
clients. Any subscription time requests that fall between the minimum and maximum values will be 
instructed to use the default value instead. Variations of this command include: 


voice status-group default-expires <value> 
voice status-group max-expires <va/lue> 
voice status-group min-expires <value> 


Syntax Description 





default-expires <value> Specifies a default subscription time. The valid range is 120 to 
86,400 seconds. 

max-expires <value> Specifies a maximum subscription time. The valid range is 120 to 
86,400 seconds. 

min-expires <value> Specifies a minimum subscription time. The valid range is 120 to 
86,400 seconds. 


Default Values 


By default, the voice status group default-expires value is set to 120 seconds, max-expires value is set to 
3600, and the min-expires is set to 86400. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example sets the voice status group maximum subscription time to 2 hours: 


(config)#voice status-group max-expires 7200 
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voice status-group 


Use the voice status-group command to create or modify a voice status group and enter the Voice Status 
Group Configuration mode. Use the no form of this command to delete a voice status group. Variations of 
this command include: 


voice status-group <name> 


The following additional subcommands are available once you have entered the Voice Status Group 
Configuration mode: 


park-zone <value> 
user <number> 
user <number> display-name <name> 


Syntax Description 





<name> Specifies the name of the voice status group to create, modify, or delete. 


park-zone <value> Specifies the new park zone number to add to this voice status group. The 
valid range is 0 to 9. 


user <number> Specifies the extension of the user to add to this status group. 


display-name <name> Optional. Specifies an override name to appear as the user’s name when 
displayed on the device (caller ID). 


Default Values 





By default, there are no voice status group configured. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example creates a new voice status group with the name Engineering: 


(config)#voice status-group Engineering 


The following example adds park zone 4 to the Engineering status group directory: 

(config)#voice status-group Engineering 

(config-status-Engineering)#park-zone 4 

The following example adds user 5555 to the status group directory as the general Test Lab contact: 


(config)#voice status-group Engineering 
(config-status-Engineering)#user 5555 display-name Test Lab 
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voice system-mode 


Use the voice system-mode command to configure the system mode schedules. When triggered by the 
system-clock, AOS units transition into a system mode based on the schedule. Use the no form of this 
command to disable the settings. Variations of this command include the following: 


voice system-mode custom! <day> <time> 
voice system-mode custom2 <day> <time> 
voice system-mode custom3 <day> <time> 
voice system-mode default <day> <time> 
voice system-mode lunch <day> <time> 
voice system-mode night <day> <time> 
voice system-mode weekend <day> <time> 


Syntax Description 





<day> Specifies the day of the week. Choose from Sunday through Saturday. 
<time> Specifies the time of the day in 24-hour format (HH:MM). 

custom1 - custom3 Indicates the custom mode (1 through 3) to configure. 

default Indicates the default-time system mode to configure. 

lunch Indicates the lunch-time system mode to configure. 

night Indicates the night-time system mode to configure. 

weekend Indicates the weekend system mode to configure. 


Default Values 





By default, no system mode commands are configured, the unit will operate in the default mode. 


Command History 





Release A1 Command was introduced. 


Usage Examples 





The following example configures a typical 5-day business week: 
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voice timeouts 


Use the voice timeouts command to configure the time limits for phases. Use the no form of this command 
to return to the default settings. Variations of this command include: 


voice timeouts alerting <va/ue> 
voice timeouts connected <value> 
voice timeouts interdigit <va/ue> 


Syntax Description 





alerting <value> Specifies the maximum time a call is allowed to remain in the alerting state. 
The shorter of this timeout or the configured maximum number of rings will 
determine how long a call is allowed to ring. The valid range is 0 (unlimited) 
to 60 minutes. 


connected <value> Specifies the maximum time a call is allowed to remain in the connected 
state. The valid range is 0 (unlimited) to 1000 hours. 


interdigit <value> Specifies the maximum time allowed between dialed digits. The valid range 
is 1 to 16 seconds. 


Default Values 





By default, the alerting timeout is 5 minutes, the connected timeout is 12 hours. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example sets the alerting timeout to 30 seconds: 


(config)#voice timeouts alerting 30 
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voice transfer 


Use the voice transfer command to set the unattended transfer for the system only. Use the no form of this 
command to return to the default setting. Variations of this command include: 


voice transfer blind 
voice transfer unattended 


Syntax Description 





blind Converts unattended transfer attempts to RFC 3891-compliant blind 
transfers. 
unattended Unattended transfer attempts are not modified. 


Default Values 





The default setting is unattended. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example configures the voice transfer type to blind: 


(config)#voice transfer blind 
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voice transfer-mode 


Use the voice transfer-mode command to specify whether transferred calls will be controlled by the unit 
locally, or if the network will control them. Use the no form of this command to return to the default 
settings. Variations of this command include: 


voice transfer-mode local 
voice transfer-mode network 


Syntax Description 





local Specifies that call transferring is controlled locally by the unit. 
network Specifies that call transferring is controlled by the network. 


Default Values 





By default, the network controls call transfers. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures the unit to handle call transfers: 


(config)#voice transfer-mode local 
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voice transfer-on-hangup 


Use the voice transfer-on-hangup command to enable this feature. When transferring a call, hanging up 
initiates the transfer to the destination party. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this feature is enabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables this feature: 


(config)#voice transfer-on-hangup 
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voice trunk <trunk id> type 


Use the voice trunk type command to define a new trunk for use with a SIP or ISDN interface. Executing 
this command activates the Voice Trunk Configuration mode for the individual trunk. Refer to Voice Trunk 
ISDN Command Set on page 2395 for information on the commands in that mode. Other trunk types are 
explained in the section voice trunk <trunk id> type analog supervision on page 1002. Use the no form of 
this command to delete a configured voice trunk. Variations of this command include: 


voice trunk <trunk id> type isdn 
voice trunk <trunk id> type sip 





Refer to the SIP Trunk Configuration Guide and the Total Access 900 Series ISDN PRI 
‘wore Quick Configuration Guide for more information on voice trunks. These documents are 
located on the AOS Documentation CD provided with your unit. 





Syntax Description 





<trunk id> Specifies the trunk's two-digit identifier in the format Txx (for example, T12). 
isdn Configures the trunk for use with ISDN service. 
sip Configures this trunk for use with SIP. 


Default Values 


No default necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command was expanded to include analog and ISDN support. 


Usage Examples 





The following example creates the new trunk T12 for use with SIP and enters the Voice Trunk 
Configuration mode: 


(config)#voice trunk t12 type sip 
(config-T 12)# 
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voice trunk <trunk id> type analog supervision 


Use the voice trunk type analog supervision command to define a new trunk for an analog interface. 
Executing this command activates the Voice Trunk Analog Configuration mode for the individual trunk. 
Use the no form of this command to delete a configured voice trunk. Refer to Voice Trunk Analog 
Command Set on page 2355 for information on the commands in that mode. Variations of this command 
include the following: 


voice trunk <trunk id> type analog supervision dpt 
voice trunk <trunk id> type analog supervision ground-start 
voice trunk <trunk id> type analog supervision loop-start 


Syntax Description 


<trunk id> Specifies the trunk’s two-digit identifier in the format Txx (for example, T01). 
dpt Specifies dial pulse terminate (DPT) with an assumed user role. 
ground-start Specifies ground start with an assumed user role. 

loop-start Specifies loop start with an assumed user role. 


Default Values 





No default value is necessary for this command. 


Command History 


Release 9.1 Command was introduced. 


Usage Examples 





The following example creates the new trunk T15 for use with an analog interface and enters the Voice 
Trunk Analog DPT Configuration mode: 


(config)#voice trunk t15 type analog supervision dpt 
(config-T 15)# 
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voice trunk <trunk id> type t1-rbs supervision 


Use the voice trunk type t1-rbs supervision command to define a new trunk for a T1 interface. Executing 
this command activates the Voice Trunk T1 Configuration mode for the individual trunk. Use the no form 
of this command to delete a configured voice trunk. Refer to Voice Trunk T1 Command Set on page 2448 

for information on the commands in that mode. Other trunk types are explained in the section voice trunk 

<trunk id> type on page 1001. Variations of this command include the following: 


voice trunk <trunk id> 

voice trunk <trunk id> type t1-rbs supervision fgd role user 

voice trunk <irunk id> type t1-rbs supervision ground-start role user 
voice trunk <irunk id> type t1-rbs supervision immediate role network 
voice trunk <irunk id> type t1-rbs supervision immediate role user 
voice trunk <irunk id> type t1-rbs supervision loop-start role user 
voice trunk <trunk id> type t1-rbs supervision tie-fgd 

voice trunk <trunk id> type t1-rbs supervision wink role network 
voice trunk <trunk id> type t1-rbs supervision wink role user 


Syntax Description 





<trunk id> Specifies the trunk's two-digit identifier in the format Txx (for example, T01). 
fgd Specifies feature group D with an assumed user role. 

ground-start Specifies ground start with an assumed user role. 

immediate Specifies E&M immediate with an assumed network or user role. 
loop-start Specifies loop start with an assumed user role. 

tie-fgd Specifies tie trunk with feature group D. 

wink Specifies wink with an assumed network or user role. 

role network Specifies the network role for this trunk. 

role user Specifies the user role for this trunk. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 12.1 Command was expanded. 


Usage Examples 





The following example creates the new trunk T15 for use with a T1 interface and enters the Voice Trunk T1 
Wink Configuration mode: 


(config)#voice trunk t15 type t1-rbs supervision wink role network 
(config-T15)# 
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voice user <extension> 
Use the voice user command to create a new user extension and to enter the Voice User command set. Use 


the no form of this command to delete a configured extension or modify an existing extension’s 
parameters. Refer to Voice User Configuration Command Set on page 2487 for details. 


Syntax Description 





<extension> Specifies user’s extension. 


Default Values 





By default, there are no configured voice users. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example creates a new user with extension 9876: 


(config)#voice user 9876 
Configuring New User “9876”. 
(config-9876)# 
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LINE INTERFACE COMMAND SETS 


This section includes the following command sets: 
¢ Line (Console) Interface Config Command Set on page 1006 


e Line (SSH) Interface Config Command Set on page 1022 
e Line (Telnet) Interface Config Command Set on page 1034 
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LINE (CONSOLE) INTERFACE CONFIG COMMAND SET 


To activate the Line (Console) Interface Configuration mode, enter the line console 0 command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#line console 0 
(config-con 0)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


accounting commands begin on page 1007 
authorization commands begin on page 1010 
databits <value> on page 1012 

flowcontrol on page 1013 

line-timeout <value> on page 1014 

login on page 1015 

login authentication <aaa login list> on page 1016 
login local-userlist on page 1017 

parity on page 1018 

password <password> on page 1019 

speed <rate> on page 1020 

stopbits <value> on page 1021 
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accounting commands 


Use the accounting commands command to assign AAA accounting methods to lines. You must first turn 
AAA on for this command to become available. Use the no form of this command to disable this feature. 
Variations of this command include: 


accounting commands </evel> <name> 
accounting commands </eve/> default 


Syntax Description 





<level> Specifies a command level. Choose from 1 or 15. 
<name> Applies a named accounting method to this line. 
default Applies the default accounting method to a line. 


Default Values 





By default, this command is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example applies the default accounting method to line 1: 


(config)#aaa on 
(config)#line console 0 
(config-con0)#accounting commands 1 default 
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accounting connection 


Use the accounting connection command to assign AAA accounting methods to lines. You must first turn 
AAA on for this command to become available. For more detailed information on AAA functionality, refer 
to the Technology Review section of the command aaa on on page 618. Use the no form of this command 


to disable this feature. Variations of this command include the following: 


accounting connection <name> 
accounting connection default 


Syntax Description 





<name> Applies a named accounting method to this line. 
default Applies the default accounting method to a line. 


Default Values 





By default, there is no accounting method applied to a line. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies using the default accounting method to account the outbound Telnet 
sessions on this line: 


(config)#aaa on 
(config)#line console 0 
(config-console0)#accounting connection default 
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accounting exec 


Use the accounting exec command to assign AAA accounting methods to lines. You must first turn AAA 
on for this command to become available. For more detailed information on AAA functionality, refer to 
the Technology Review section of the command aaa on on page 618. Use the no form of this command to 
disable this feature. Variations of this command include the following: 


accounting exec <name> 
accounting exec default 


Syntax Description 





<name> Applies a named accounting method to this line. 
default Applies the default accounting method to a line. 


Default Values 





By default, there is no accounting method applied to a line. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies using the default accounting method to account all inbound Telnet 
sessions on this line: 


(config)#aaa on 
(config)#line console 0 
(config-console0)#accounting exec default 
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authorization commands 


Use the authorization commands command to assign AAA authorization methods to lines. You must first 
turn AAA on for this command to become available. Use the no form of this command to disable this 
feature. Variations of this command include: 


authorization commands </evel> <name> 
authorization commands </evel> default 


Syntax Description 





<level> Specifies a command level. Choose from 1 or 15. 
<name> Applies a named authorization method to this line. 
default Applies the default authorization method to a line. 


Default Values 





By default, this command is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example applies the default authorization method to line 1: 


(config)#aaa on 
(config)#line console 0 
(config-con0)#authorization commands 1 default 
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authorization exec 


Use the authorization exec command to assign AAA authorization methods to lines. You must first turn 
AAA on for this command to become available. For more detailed information on AAA functionality, refer 
to the Technology Review section of the command aaa on on page 618. Use the no form of this command 
to disable this feature. Variations of this command include the following: 


authorization exec <name> 
authorization exec default 


Syntax Description 





<name> Applies a named authorization method to this line. 
default Applies the default authorization method to a line. 


Default Values 





By default, there is no authorization method applied to a line. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies using the default authorization method on this line to authorize an exec 
session: 


(config)#aaa on 
(config)#line console 0 
(config-consoleO))#authorization exec default 
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databits <value> 
Use the databits command to set the number of databits per character for a terminal session. This value 


must match the configuration of your VT100 terminal or terminal emulator software. The default is 8 
databits per character. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the data bits per character. Select from 7 or 8 databits per 
character. 


Default Values 





By default, the databits are set to 8. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures 7 databits per character for the console terminal session: 


(config)#line console 0 
(config-con 0)#databits 7 
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flowcontrol 


Use the flowcontrol command to set flow control for the line console. Use the no form of this command to 
return to the default setting. Variations of this command include: 


flowcontrol none 
flowcontrol software in 


Syntax Description 





none Specifies no flow control. 
software in Configures AOS to derive flow control from the attached device. 


Default Values 





By default, flow control is set to none. 


Command History 


Release 3.1 Command was introduced. 


Usage Examples 





The following example configures no flow control for the line console: 


(config)#line console 0 
(config-con 0)#flowcontrol none 
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line-timeout <value> 


Use the line-timeout command to specify the number of minutes a line session may remain inactive before 
AOS terminates the session. Use the no form of this command to return to the default value. 


Syntax Description 


<value> Specifies the number of minutes a line session may remain inactive before 
AOS terminates the session. Range is 0 to 35,791 minutes. 


Entering a line-timeout value of 0 disables the feature. 


Default Values 





By default, the line-timeout is set to 15 minutes (Console and Telnet). 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example specifies a timeout of 2 minutes: 


(config)#line console 0 
(config-con 0)#line-timeout 2 
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login 
Use the login command to enable security login on the line session. Additionally, it is necessary to 


configure the password using the password command (refer to page 1019). Use the no form of this 
command to disable the login feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, there is no login password set to access the unit. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables the security login feature and specifies a password (mypassword) on the 
available console session: 


(config)#line console 0 
(config-console 0)#login 
(config-console 0)#password mypassword 
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login authentication <aaa login list> 


Use the login authentication command to specify the named AAA login list to use for authenticating users 
connecting on this line. Use the no form of this command to return to the default setting. 


Syntax Description 


<aaa login list> Specifies the AAA login list to use for authentication. 


Default Values 
The default value is the default AAA list. 





Command History 





Release 5.1 Command was introduced. 


Functional Notes 





If the AAA subsystem is activated but no login authentication list is given, the default list is used. If the 
default list is used but the default list is not configured, the behavior for consoles is to be granted access. 
This prevents a lockout configuration. 


Usage Examples 





The following example specifies that myList will be used for authenticating users connecting on this line: 


(config)#line console 0 
(config-con 0)#login authentication myList 
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login local-userlist 


Use the login local-userlist command to enable security login for the terminal session. It is required to 
configure usernames and passwords using the username/password command from the Global 
Configuration mode (refer to page 948). Use the no form of this command to disable the login 
local-userlist feature. 





the login local-userlist command. 


Wor All user properties assigned using the username/password command are valid when using 





Syntax Description 





No subcommanads. 


Default Values 





By default, there is no login password set to access the unit. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example displays creating a local userlist and enabling the security login feature on the 
CONSOLE port: 


(config)#username my_user password my_password 
(config)#line console 0 
(config-con 0)#login local-userlist 


When connecting to the unit, the following prompts are displayed: 


User Access Login 
Username: ADTRAN 
Password: 

Router# 
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parity 


Use the parity command to specify the type of parity used as error correction. This value must match the 
configuration of your VT100 terminal or terminal emulator software. Use the no form of this command to 
return to the default value. Variations of this command include: 


parity even 
parity mark 
parity none 
parity odd 
parity space 


Syntax Description 





even Sets the parity bit to 0 if the number of 1 bits in the data sequence is odd, or 
set to 1 if the number of 1 bits is even. 

mark Always sets the parity bit to 1. 

none No parity bit used. 

odd Sets the parity bit to 1 if the number of 1 bits in the data sequence is even, 


or set to 1 if the number is odd. 
space Always sets the parity bit to 0. 


Default Values 





By default, the parity option is set to none. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Parity is the process used to detect whether characters have been altered during the data transmission 
process. Parity bits are appended to data frames to ensure that parity (whether it be odd or even) is 
maintained. 


Usage Examples 





The following example specifies mark parity for the console terminal session: 


(config)#line console 0 
(config-con 0)#parity mark 
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password <password> 


Use the password command to configure the password (with optional encryption) required on the line 
session when security login is enabled (using the login command on page 1015). Use the no form of this 
command to remove a configured password. Variations of this command include: 


password <password> 
password md5 <password> 


Syntax Description 





<password> Specifies the password for the line session using an alphanumeric 
character string (up to 16 characters). 

md5 Specifies Message Digest 5 (MD5) as the encryption protocol to use when 
displaying the enable password during show commands. If the MD5 
keyword is not used, encryption is not used when displaying the enable 
password during show commands. 


Default Values 





By default, there is no login password set for access to the unit. 


Command History 





Release 1.1 Command was introduced. 
Release 6.1 Encryption was added. 


Usage Examples 





The following example enables the security login feature and specifies a password on the CONSOLE port: 


(config)#line console 0 
(config-con 0)#login 
(config-con 0)#password mypassword 


To provide extra security, AOS can encrypt the enable password when displaying the current configuration. 
For example, the following is a show configuration printout (password portion) with an unencrypted 
enable password (ADTRAN): 


enable password ADTRAN 
| 


Alternately, the following is a show configuration printout (password portion) with an enable password of 
ADTRAN using md5 encryption: 


enable password md5 encrypted 5aa5fbae7d01a90e79fb57705ce74676 
| 
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speed <rate> 


Use the speed command to specify the data rate for the CONSOLE port. This setting must match your 
VT100 terminal emulator or emulator software. Use the no form of this command to restore the default 
value. 


Syntax Description 


<rate> Specifies rate of data transfer on the interface (2400; 4800; 9600; 19,200; 
38,400; 57,600; or 115,200 bps). 





Default Values 





By default, the speed is set to 9600 bps. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures the CONSOLE port for 19,200 bps: 


(config)#line console 0 
(config-con 0)#speed 19200 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1020 


Command Reference Guide Line (Console) Interface Config Command Set 





stopbits <value> 
Use the stopbits command to set the number of stopbits per character for a terminal session. This value 


must match the configuration of your VT100 terminal or terminal emulator software. The default is 1 
stopbit per character. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the stopbits per character. Select from 1 or 2 stopbits per 
character. 


Default Values 





By default, the stopbits are set to 1. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures 2 stopbits per character for the console terminal session: 


(config)#line console 0 
(config-con 0)#stopbits 2 
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LINE (SSH) INTERFACE CONFIG COMMAND SET 


To activate the Line Secure Shell (SSH) Interface Configuration mode, enter the line ssh command 
specifying a SSH session(s) at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#line ssh 0 4 
(config-sshO-4)# 


You can select a single line by entering the line ssh command followed by the line number (0-4). For 
example: 


>enable 

#configure terminal 
(config)#line ssh 2 
(config-ssh2)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


access-class <name> in on page 1023 

accounting commands begin on page 1025 
authorization commands begin on page 1028 
line-timeout <value> on page 1030 

login on page 1031 

login authentication <aaa login list> on page 1032 


login local-userlist on page 1033 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1022 


Command Reference Guide Line (SSH) Interface Config Command Set 





access-class <name> in 


Use the access-class in command to restrict Secure Shell (SSH) access using a configured access control 
list (ACL). Received packets passed by the ACL will be allowed. Use the ACL configuration to deny hosts 
or entire networks or to permit specified IP addresses. Use the no form of this command to disable this 
feature. Refer to ip access-list standard <name> on page 677 and ip access-list extended <name> on page 
673 for more information about configuring ACLs. Variations of this command include: 


access-class <name> in 
access-class <name> in any-vrf 


Syntax Description 





<name> Identifies the configured ACL using an alphanumeric descriptor (all ACL 
descriptors are case-sensitive). 

any-vrf Optional. Allows incoming connections from any VRF instance based on the 
parameters set in the access class list. Without this keyword, the ACL only 
applies to the default VRF and all telnet/SSH connections on non-default 
VRFs will be ignored. 


Default Values 





By default, there are no configured ACLs associated with SSH sessions. 


Command History 





Release 11.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





When using the access-class in command to associate an ACL with an SSH session, remember to 
duplicate the access-class in command for all configured SSH sessions 0 through 4. SSH access to the 
unit using a specific SSH session is not possible. Users will be assigned the first available SSH session. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 
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Usage Examples 





The following example associates the ACL Trusted (to allow SSH sessions from the 192.22.56.0/24 
network) with all SSH sessions (0 through 4) on all VRF instances: 


Create the ACL: 


(config)#ip access-list standard Trusted 
(config)#permit 192.22.56.0 0.0.0.255 


Enter the line (SSH): 


(config)#line ssh 0 4 


Associate the ACL with the SSH session: 


(config-sshO-4)#access-class Trusted in any-vrf 
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accounting commands 


Use the accounting commands command to assign AAA accounting methods to lines. You must first turn 
AAA on for this command to become available. Use the no form of this command to disable this feature. 
Variations of this command include: 


accounting commands </evel> <name> 
accounting commands </eve/> default 


Syntax Description 





<level> Specifies a command level. Choose from 1 or 15. 
<name> Applies a named accounting method to this line. 
default Applies the default accounting method to a line. 


Default Values 





By default, this command is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example applies the default accounting method to line 1: 


(config)#aaa on 
(config)#line ssh 1 
(config-ssh1)#accounting commands 1 default 
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accounting connection 


Use the accounting connection command to assign AAA accounting methods to lines. You must first turn 
AAA on for this command to become available. For more detailed information on AAA functionality, refer 
to the Technology Review section of the command aaa on on page 618. Use the no form of this command 


to disable this feature. Variations of this command include the following: 


accounting connection <name> 
accounting connection default 


Syntax Description 





<name> Applies a named accounting method to this line. 
default Applies the default accounting method to a line. 


Default Values 





By default, there is no accounting method applied to a line. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies using the default accounting method to account the outbound Telnet 
sessions on this line: 


(config)#aaa on 
(config)#line ssh 1 
(config-ssh1)#accounting connection default 
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accounting exec 


Use the accounting exec command to assign AAA accounting methods to lines. You must first turn AAA 
on for this command to become available. For more detailed information on AAA functionality, refer to 
the Technology Review section of the command aaa on on page 618. Use the no form of this command to 
disable this feature. Variations of this command include the following: 


accounting exec <name> 
accounting exec default 


Syntax Description 





<name> Applies a named accounting method to this line. 
default Applies the default accounting method to a line. 


Default Values 





By default, there is no accounting method applied to a line. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies using the default accounting method to account all inbound Telnet 
sessions on this line: 


(config)#aaa on 
(config)#line ssh 1 
(config-ssh1)#accounting exec default 
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authorization commands 


Use the authorization commands command to assign AAA authorization methods to lines. You must first 
turn AAA on for this command to become available. Use the no form of this command to disable this 
feature. Variations of this command include: 


authorization commands </evel> <name> 
authorization commands </evel> default 


Syntax Description 





<level> Specifies a command level. Choose from 1 or 15. 
<name> Applies a named authorization method to this line. 
default Applies the default authorization method to a line. 


Default Values 





By default, this command is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example applies the default authorization method to line 1: 


(config)#aaa on 
(config)#line ssh 1 
(config-ssh1)#authorization commands 1 default 
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authorization exec 


Use the authorization exec command to assign AAA authorization methods to lines. You must first turn 
AAA on for this command to become available. For more detailed information on AAA functionality, refer 
to the Technology Review section of the command aaa on on page 618. Use the no form of this command 
to disable this feature. Variations of this command include the following: 


authorization exec <name> 
authorization exec default 


Syntax Description 





<name> Applies a named authorization method to this line. 
default Applies the default authorization method to a line. 


Default Values 





By default, there is no authorization method applied to a line. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies using the default authorization method on this line to authorize an exec 
session: 


(config)#aaa on 
(config)#line ssh 1 
(config-ssh1)#authorization exec default 
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line-timeout <value> 


Use the line-timeout command to specify the number of minutes a line session may remain inactive before 
AOS terminates the session. Use the no form of this command to return to the default value. 


Syntax Description 


<value> Specifies the number of minutes a line session may remain inactive before 
AOS terminates the session. Valid range: 0 to 35,791. 


Entering a line-timeout value of 0 disables the feature. 


Default Values 





By default, the line-timeout is set to 15 minutes. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies a timeout of 2 minutes for all SSH sessions: 


(config)#line ssh 0 4 
(config-ssh0-4)#line-timeout 2 
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login 


Use the login command to enable security login on the line session requiring the password configured 
using the password command. Use the no form of this command to disable the login feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, there is no login password set for access to the unit. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables the security login feature and specifies a password on all the available 
SSH sessions (0 through 4): 


(config)#line ssh 0 4 
(config-ssh0-4)#login 
(config-ssh0-4)#password mypassword 
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login authentication <aaa login list> 


Use the login authentication command to assign the named AAA login list to use for authenticating users 
connecting on this line. Use the no form of the command to remove the AAA authentication list. 


Syntax Description 


<aaa login list> Specifies the name of the AAA login list to use for authentication. 


Default Values 
The default value is the default AAA list. 





Command History 





Release 11.1 Command was introduced. 


Functional Notes 





If the AAA subsystem is activated but no login authentication list is given, the default list is used. If the 
default list is used but the default list is not configured, SSH uses the local user database. 


Usage Examples 





The following example specifies that myList will be used for authenticating users connecting on this line: 


(config)#line ssh 2 
(config-ssh2)#login authentication myList 
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login local-userlist 


Use the login local-userlist command to check the local list of usernames and passwords configured using 
the username/password Global Configuration command (refer to username <username> password 
<password> on page 948). 





Wor All user properties assigned using the username/password command are valid when using 


the login local-userlist command. 





Syntax Description 





No subcommanas. 


Default Values 


By default, there is no login password set for access to the unit. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 
The following example creates a local userlist and enables the security login feature: 


(config)#username my_user password my_password 
(config)#line ssh 0 
(config-sshO)#login local-userlist 


When connecting to the unit, the following prompts are displayed: 


User Access Login 
Username: my_user 
Password: 

# 
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LINE (TELNET) INTERFACE CONFIG COMMAND SET 


To activate the Line (Telnet) Interface Configuration mode, enter the line telnet command specifying a 
Telnet session(s) at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#line telnet 0 4 
(config-telnet0-4)# 


You can select a single line by entering the line telnet command followed by the line number (0-4). For 
example: 


>enable 

#configure terminal 
(config)#line telnet 2 
(config-telnet2)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


access-class <name> in on page 1035 

accounting commands begin on page 1038 
authorization commands begin on page 1040 
line-timeout <value> on page 1042 

login on page 1043 

login authentication <aaa login list> on page 1044 
login local-userlist on page 1045 

password <password> on page 1046 
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access-class <name> in 


Use the access-class in command to restrict Secure Shell (SSH) access using a configured access control 
list (ACL). Received packets passed by the ACL will be allowed. Use the ACL configuration to deny hosts 
or entire networks or to permit specified IP addresses. Use the no form of this command to disable this 
feature. Refer to ip access-list standard <name> on page 677 and ip access-list extended <name> on page 
673 for more information about configuring ACLs. Variations of this command include: 


access-class <name> in 
access-class <name> in any-vrf 


Syntax Description 





<name> Identifies the configured ACL using an alphanumeric descriptor (all ACL 
descriptors are case-sensitive). 

any-vrf Optional. Allows incoming connections from any VRF instance based on the 
parameters set in the access class list. Without this keyword, the ACL only 
applies to the default VRF and all telnet/SSH connections on non-default 
VRFs will be ignored. 


Default Values 





By default, there are no configured ACLs associated with SSH sessions. 


Command History 





Release 11.1 Command was introduced. 
Release 16.1 Command was expanded to include the VRF parameter. 


Functional Notes 





When using the access-class in command to associate an ACL with an SSH session, remember to 
duplicate the access-class in command for all configured SSH sessions 0 through 4. SSH access to the 
unit using a specific SSH session is not possible. Users will be assigned the first available SSH session. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 
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Usage Examples 





The following example associates the ACL Trusted (to allow Telnet sessions from the 192.22.56.0/24 
network) with all Telnet sessions (0 through 4) on all VRF instances: 


Create the ACL: 

(config)#ip access-list standard Trusted 
(config)#permit 192.22.56.0 0.0.0.255 
Enter the line (telnet): 


(config)#line ssh 0 4 


Associate the ACL with the Telnet session: 


(config-telnet0-4)#access-class Trusted in any-vrf 
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accounting commands 


Use the accounting commands command to assign AAA accounting methods to lines. You must first turn 
AAA on for this command to become available. Use the no form of this command to disable this feature. 
Variations of this command include: 


accounting commands </evel> <name> 
accounting commands </eve/> default 


Syntax Description 





<level> Specifies a command level. Choose from 1 or 15. 
<name> Applies a named accounting method to this line. 
default Applies the default accounting method to a line. 


Default Values 





By default, for this accounting commands is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example applies the default accounting method to Telnet session 1: 


(config)#aaa on 
(config)#line telnet 1 
(config-telnet1)#accounting commands 1 default 
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accounting connection 


Use the accounting connection command to assign AAA accounting methods to lines. You must first turn 
AAA on for this command to become available. For more detailed information on AAA functionality, refer 
to the Technology Review section of the command aaa on on page 618. Use the no form of this command 


to disable this feature. Variations of this command include the following: 


accounting connection <name> 
accounting connection default 


Syntax Description 





<name> Applies a named accounting method to this line. 
default Applies the default accounting method to a line. 


Default Values 





By default, there is no accounting method applied to a line. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies using the default accounting method to account the outbound Telnet 
sessions on this line: 


(config)#aaa on 
(config)#line telnet 1 
(config-telnet1 )#accounting connection default 
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accounting exec 


Use the accounting exec command to assign AAA accounting methods to lines. You must first turn AAA 
on for this command to become available. For more detailed information on AAA functionality, refer to 
the Technology Review section of the command aaa on on page 618. Use the no form of this command to 
disable this feature. Variations of this command include the following: 


accounting exec <name> 
accounting exec default 


Syntax Description 





<name> Applies a named accounting method to this line. 
default Applies the default accounting method to a line. 


Default Values 





By default, there is no accounting method applied to a line. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies using the default accounting method to account all inbound Telnet 
sessions on this line: 


(config)#aaa on 
(config)#line telnet 1 
(config-telnet1)#accounting exec default 
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authorization commands 


Use the authorization commands command to assign AAA authorization methods to lines. You must first 
turn AAA on for this command to become available. Use the no form of this command to disable this 
feature. Variations of this command include: 


authorization commands </evel> <name> 
authorization commands </evel> default 


Syntax Description 





<level> Specifies a command level. Choose from 1 or 15. 
<name> Applies a named authorization method to this line. 
default Applies the default authorization method to a line. 


Default Values 





By default, authorization commands is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example applies the default authorization method to line 1: 


(config)#aaa on 
(config)#line telnet 1 
(config-telnet1 )#authorization commands 1 default 
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authorization exec 


Use the authorization exec command to assign AAA authorization methods to lines. You must first turn 
AAA on for this command to become available. For more detailed information on AAA functionality, refer 
to the Technology Review section of the command aaa on on page 618. Use the no form of this command 
to disable this feature. Variations of this command include the following: 


authorization exec <name> 
authorization exec default 


Syntax Description 





<name> Applies a named authorization method to this line. 
default Applies the default authorization method to a line. 


Default Values 





By default, there is no authorization method applied to a line. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies using the default authorization method on this line to authorize an exec 
session: 


(config)#aaa on 
(config)#line telnet 1 
(config-telnet1)#authorization exec default 
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line-timeout <value> 


Use the line-timeout command to specify the number of minutes a line session may remain inactive before 
AOS terminates the session. Use the no form of this command to return to the default value. 


Syntax Description 


<value> Specifies the number of minutes a line session may remain inactive before 
AOS terminates the session. Range is 0 to 35,791 minutes. 


Entering a line-timeout value of 0 disables the feature. 


Default Values 





By default, the line-timeout is set to 15 minutes (Console and Telnet). 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example specifies a timeout of 2 minutes: 


(config)#line telnet 0 
(config-telnetO)#line-timeout 2 
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login 


Use the login command to enable security login on the line session requiring the password configured 
using the password command. Use the no form of this command to disable the login feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, there is no login password set for access to the unit. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables the security login feature and specifies a password on all the available 
Telnet sessions (0 through 4): 


(config)#line telnet 0 4 
(config-telnet0-4)#login 
(config-telnet0-4)#password mypassword 
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login authentication <aaa login list> 


Use the login authentication command to specify the named AAA login list to use for authenticating users 
connecting on this line. Use the no form of this command to return to the default setting. 


Syntax Description 


<aaa login list> Specifies the AAA login list to use for authentication. 


Default Values 
The default value is the default AAA list. 





Command History 





Release 5.1 Command was introduced. 


Functional Notes 





If the AAA subsystem is activated but no login authentication list is given, the default list is used. If the 
default list is used but the default list is not configured, the behavior for telnets is to use the local user 
database. 


Usage Examples 





The following example specifies that myList will be used for authenticating users connecting on this line: 


(config)#line telnet 2 
(config-telnet2)#login authentication myList 
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login local-userlist 


Use the login local-userlist command to enable security login for the terminal session requiring the 
usernames and passwords configured using the username/password Global Configuration command. Use 
the no form of this command to disable the login local-userlist feature. 





Wor All user properties assigned using the username/password command are valid when using 


the login local-userlist command. 





Syntax Description 





No subcommanas. 


Default Values 


By default, there is no login password set for access to the unit. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 


The following example displays creating a local userlist and enabling the security login feature: 


(config)#username my_user password my_password 
(config)#line telnet 0 
(config-telnet0)#login local-userlist 


When connecting to the unit, the following prompts are displayed: 


User Access Login 
Username: my_user 
Password: 

Router# 
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password <password> 


Use the password command to configure the password (with optional encryption) required on the line 
session when security login is enabled (using the login command). Use the no form of this command to 
remove a configured password. Variations of this command include: 


password <password> 
password md5 <password> 


Syntax Description 





<password> Specifies the password for the line session using an alphanumeric 
character string (up to 16 characters). 

md5 Optional. Specifies Message Digest 5 (MD5) as the encryption protocol to use 
when displaying the enable password during show commands. If the MD5 
keyword is not used, encryption is not used when displaying the enable 
password during show commands. 


Default Values 





By default, there is no login password set for access to the unit. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables the security login feature and specifies a password for the Telnet session 0: 


(config)#line telnet 0 
(config-telnetO)#login 
(config-telnet0)#password mypassword 


To provide extra security, AOS can encrypt the enable password when displaying the current configuration. 
For example, the following is a show configuration printout (password portion) with an unencrypted 
enable password (ADTRAN): 


enable password ADTRAN 
| 


Alternately, the following is a show configuration printout (password portion) with an enable password of 
ADTRAN using md5 encryption: 


enable password md5 encrypted 5aa5fbae7d01a90e79fb57705ce74676 
| 
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PHYSICAL INTERFACE COMMAND SETS 


This section includes the following command sets: 


ADSL Interface Configuration Command Set on page 1048 
BRI Interface Configuration Command Set on page 1052 
Cellular Interface Configuration Command Set on page 1062 
DDS Interface Configuration Command Set on page 1067 
DSX-1 Interface Configuration Command Set on page 1075 
El Interface Configuration Command Set on page 1085 
Ethernet Interface Configuration Command Set on page 1101 
FDL Interface Configuration Command Set on page 1208 
FXO Interface Configuration Command Set on page 1214 
FXS Interface Configuration Command Set on page 1223 
G.703 Interface Configuration Command Set on page 1235 
HSSI Interface Configuration Command Set on page 1242 
Modem Interface Configuration Command Set on page 1246 
PRI Interface Configuration Command Set on page 1251 
Serial Interface Configuration Command Set on page 1258 
SHDSL Interface Configuration Command Set on page 1267 
TI Interface Configuration Command Set on page 1281 

T3 Interface Configuration Command Set on page 1298 
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ADSL INTERFACE CONFIGURATION COMMAND SET 





To activate the ADSL Interface Configuration mode, enter the interface adsl command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface adsl 0/1 
(config-adsl 0/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


retrain on page 1049 
snr-margin on page 1050 


training-mode on page 1051 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1048 


Command Reference Guide 


ADSL Interface Configuration Command Set 





retrain 


Use the retrain command to force the modem to retrain. 


Syntax Description 





No subcommanas. 


Default Values 





No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example forces a modem retrain: 


(config)#interface adsl 0/1 
(config-adsl 0/1)#retrain 
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snr-margin 


Use the snr-margin command to enable monitoring and set the minimum signal-to-noise ratio (SNR) 
during training and showtime. Use the no form of this command to disable monitoring. Variations of this 
command include: 


snr-margin <margin> 
snr-margin showtime monitor 
snr-margin training monitor 


Syntax Description 





<margin> Sets the minimum SNR margin value in dB. The range is from 1 to 15 dB. 


showtime monitor Enables margin monitoring to retrain the ADSL interface if the specified 
minimum margin is violated during showtime. 


training monitor Enables margin monitoring to retrain the ADSL interface if the specified 
minimum margin is violated during training. 


Default Values 





By default, SNR margin monitoring is disabled. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example enables SNR margin monitoring during showtime with a minimum level of 7 dB: 


(config)#interface adsl 0/1 
(config-adsl 0/1)#snr-margin showtime monitor 7 
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training-mode 


Use the training-mode command to configure the ADSL training mode. Use the no form of these 
commands to disable a specific training mode. Variations of this command include: 


training-mode ADSL2 
training-mode ADSL2+ 
training-mode ADSL2+ANNEX-M 
training-mode G.DMT 
training-mode G.LITE 
training-mode Multi-Mode 
training-mode READSL2 
training-mode 11.413 


Syntax Description 





ADSL2 Specifies ITU G992.3 mode. 

ADSL2+ Specifies ITU G992.5 mode. 

ADSL2+ANNEX-M Specifies ITU G.992.5 Annex M mode. 

G.DMT Specifies ANSI full-rate mode. 

G.LITE Specifies ANSI splitterless mode. 

Multi-Mode Specifies auto detect mode. When set to multi-mode, the ADSL interface 


attempts to train to the DSLAM using each of the supported training modes 
until a match is found. 


READSL2 Specifies ITU G.992.3 Annex L mode. 
71.413 Specifies ANSI T1.413 mode. 


Default Values 





By default, the training mode is set to Multi-Mode. 


Command History 





Release 8.1 Command was introduced. 
Release 13.1 Command was expanded to include ITU G.992.5 Annex M ADSL2+ mode. 


Functional Notes 


Some of the listed training modes (G.LITE, T1.413, ADSL2, ADSL2+, READSL2) are currently supported 
for ADSL over POTS (Annex A) and are not valid for ADSL over ISDN (Annex B) modules. 





Usage Examples 





The following example sets the training mode to T1.413: 


(config)#interface adsl 0/1 
(config-adsl 0/1)#training-mode T1.413 
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BRI INTERFACE CONFIGURATION COMMAND SET 





To activate the BRI Interface Configuration mode, enter the interface bri command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface bri 1/2 
(config-bri 1/2)# 





The BRI interface number in the example above is shown as bri 1/2. This number is based 
‘one on the interface’s location (slot/port) and could vary depending on the unit’s configuration. 
Use the do show interfaces command to determine the appropriate interface number. 





The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


caller-id override on page 1053 
isdn Idn on page 1054 

isdn spid on page 1055 

isdn switch-type on page 1057 
loopback local on page 1058 
loopback network on page 1059 
maintenance on page 1060 


resource pool-member <name> on page 1061 
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caller-id override 


Use the caller-id override command to configure the unit to replace caller ID information with a 
user-specified number. Use the no form of this command to disable any caller ID overrides. Variations of 
this command include: 


caller-id override always <number> 
caller-id override if-no-cid <number> 


Syntax Description 





always <number> Always forces replacement of the incoming caller ID number with the 
number given. 


if-no-cid <number> Replaces the incoming caller ID number with the number given only if there 
is no caller ID information available for the incoming call. 


Default Values 


By default, this command is disabled. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





This command forces a replacement of the incoming caller ID number with the number given. The received 
caller ID, if any, is discarded, and the given override number is used to connect the incoming call to a 
circuit of the same number. 


Usage Examples 





The following example configures the unit to always provide the given number as the caller ID number: 


(config)#interface bri 1/2 
(config-bri 1/2)#caller-id override always 5551000 
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isdn Idn 


Use the isdn Idn command to specify the Local Directory Numbers (LDNs) for the Basic Rate Interface 
(BRI) interface. This information should be supplied by your service provider. Use the no form of this 
command to remove a configured LDN. Variations of this command include: 


isdn Idn1 </dn number> 
isdn Idn2 </dn number> 





The BRI module requires all incoming calls to be directed to the Local Directory Number 
‘aoe (LDN) associated with the SPID programmed using the isdn spidI command. All calls to 
the LDN associated with SPID 2 will be rejected (unless part of a bonding call). 





Syntax Description 





Idn1 Specifies the LDN associated with the SPID entered as spid1. 
Idn2 Specifies the LDN associated with the SPID entered as spid2. 
</dn number> Specifies the LDN assigned to the circuit by the service provider. The LDN 


is the number used by remote callers to dial into the ISDN circuit. 


Default Values 





By default, there are no configured LDNs. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Inbound calls are not accepted on interfaces without programmed LDNs. LDNs can also be entered using 
the isdn spid command. The isdn spid and isdn Idn commands overwrite the existing programmed LDN; 
therefore, the last LDN programming entered takes precedence. 


Usage Examples 





The following example defines an LDN of 555-1111: 


(config)#interface bri 1/2 
(config-bri 1/2)#isdn Idn1 5551111 
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isdn spid 


Use the isdn spid command to specify the Service Profile Identifiers (SPIDs) and the Local Directory 
Numbers (LDNs) for the Basic Rate Interface (BRI) interface. This information should be supplied by your 
service provider. Use the no form of this command to remove a configured SPID. Variations of this 
command include: 


isdn spid1 <spid number> </dn number> 
isdn spid2 <spid number> </dn number> 





The BRI module requires all incoming calls to be directed to the Local Directory Number 
(LDN) associated with the SPID programmed using the isdn spidI command. All calls to 
the LDN associated with SPID 2 will be rejected (unless part of a bonding call). 





Syntax Description 





spid1 Specifies the primary SPID. 
spid2 Specifies the secondary SPID. 
<spid number> Specifies the 8 to 14 digit number identifying your BRI line in the central 


office switch. A SPID is generally created using the area code and phone 
number associated with the line and a four-digit suffix. For example, the 
following SPIDs may be provided on a BRI line with phone numbers 
555-1111 and 555-1112: 


SPID 1: 701 555 1111 0101 
SPID 2: 701 555 1112 0101 


<ldn number> Optional. Specifies the LDN assigned to the circuit by the service provider. 
An LDN programmed using the isdn spid1 command is automatically 
associated with SPID 1. An LDN programmed using the isdn spid2 
command is automatically associated with SPID 2. The LDN is the number 
used by remote callers to dial into the ISDN circuit. Inbound calls are not 
accepted on interfaces without programmed LDNs. LDNs can also be 
entered using the isdn Idn command. The isdn spid and isdn Idn 
commands overwrite the existing programmed LDN; therefore the last LDN 
programming entered takes precedence. 


Default Values 





By default, there are no configured SPIDs or LDNs. 


Command History 





Release 1.1 Command was introduced. 
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Functional Notes 





AOS does not support “SPID-less” 5ESS signaling. SPIDs are required for all configured BRI endpoints 
using 5ESS signaling. 


For European applications, a SPID is not necessary. Use the isdn Idn command to configure the LDN for 
European applications. 


Usage Examples 
The following example defines a SPID of 704 555 1111 0101 with an LDN of 555 1111: 


(config)#interface bri 1/2 
(config-bri 1/2)#isdn spid1 70455511110101 5551111 
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isdn switch-type 


Use the isdn switch-type command to specify the ISDN signaling type configured on the Basic Rate 
Interface (BRI) interface. The type of ISDN signaling implemented on the BRI interface does not always 
match the manufacturer of the Central Office switch. Use the no form of this command to return to the 
default value. Variations of this command include: 


isdn switch-type basic-5ess 
isdn switch-type basic-dms 
isdn switch-type basic-net3 
isdn switch-type basic-ni 


Syntax Description 





basic-5ess Specifies Lucent/AT&T 5ESS signaling. 

basic-dms Specifies Nortel DMS-100 custom signaling. The basic-dms signaling type 
is not compatible with proprietary SL-1 DMS signaling. 

basic-net3 Specifies Net3 Euro-ISDN signaling. 

basic-ni Specifies National ISDN-1 signaling. 


Default Values 





By default, the ISDN signaling is set to National ISDN-1. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The isdn switch-type command specifies the type of ISDN signaling implemented on the BRI interface, 
not the manufacturer of the Central Office switch. It is quite possible to have a Lucent Central Office switch 
providing National ISDN signaling on the BRI interface. 


Usage Examples 





The following example configures a BRI interface for a circuit with Lucent 5ESS (custom) signaling: 


(config)#interface bri 1/2 
(config-bri 1/2)#isdn switch-type basic-5ess 
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loopback local 


Use the loopback local command to enable a local loopback of the interface (towards the router). Use the 
no form of this command to disable the loopback. Variations of this command include: 


loopback local all 
loopback local b1 
loopback local b2 
loopback local both 


Syntax Description 





all Loops the entire interface back towards the router (including the 
D-channel). With an active loopback active all, the established D-channel 
between the ISDN module and the central office switch drops. 


b1 Loops the data on B1 back towards the router. A B1 loopback does not 
disrupt D-channel signaling. 


b2 Loops the data on B2 back towards the router. A B2 loopback does not 
disrupt D-channel signaling. 


both Loops the data on B1 and B2 back towards the router, but does not disrupt 
D-channel signaling. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 
The following example enables a B2 loopback of the BRI 1/2 interface and disables the loopback: 
(config)#interface bri 1/2 


(config-bri 1/2)#loopback local b2 
(config-bri 1/2)#no loopback local b2 
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loopback network 


Use the loopback network command to enable a loopback of the interface (towards the network). Use the 
no form of this command to disable the loopback. Variations of this command include: 


loopback network b1 
loopback network b2 
loopback network both 


Syntax Description 





b1 Loops the data on B1 back towards the network. A B1 loopback does not 
disrupt D-channel signaling. 


b2 Loops the data on B2 back towards the network. A B2 loopback does not 
disrupt D-channel signaling. 


both Loops the data on B1 and B2 back towards the network, but does not 
disrupt D-channel signaling. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables a B2 loopback of the BRI 1/2 interface and disables the loopback: 


(config)#interface bri 1/2 
(config-bri 1/2)#loopback network b2 
(config-bri 1/2)#no loopback network b2 
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maintenance 


Use the maintenance command to force a reset of the interface (initiating the SABME/UA process) or to 
reset the D-channel (by sending a RESTART message). Variations of this command include: 


maintenance reset 
maintenance restart-d 





The maintenance command disrupts data flow on the ISDN interface. All active calls will 
UT 


drop when the reset or restart process begins. 





Syntax Description 





reset Forces a complete reset of the interface by initiating the SABME/UA 
process. 
restart-d Resets the D-channel by sending a Q.931 RESTART message to the 


central office switch. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example resets the BRI 1/2 interface: 


(config)#interface bri 1/2 
(config-bri 1/2)#maintenance reset 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1060 


Command Reference Guide BRI Interface Configuration Command Set 





resource pool-member <name> 


Use the resource pool-member command to assign the interface to a resource pool, making it a demand 
routing resource. Use the no form of this command to return to the default value. Variations of this 
command include: 


resource pool-member <name> 
resource pool-member <name> <priority> 


Syntax Description 





<name> Specifies the name of the resource pool to which this interface is assigned. 


<priority> Optional. Specifies the priority value of using this interface versus other 
interfaces contained in the specified resource pool using a number 1 to 255. 
Lower numbers indicate higher priority. Interfaces with the same priority are 
selected in alphabetical order by interface name. 


Default Values 


By default, the interface is not assigned to any resource pool. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 
The following example configures a BRI interface as a member of resource pool MyPool: 


(config)#interface bri 1/2 
(config-bri 1/2)#resource pool-member MyPool 
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CELLULAR INTERFACE CONFIGURATION COMMAND SET 





To create a cellular interface and activate the Cellular Interface Configuration mode, enter the interface 
cellular command at the Global Configuration mode prompt. For example: 


#configure terminal 
(config)#interface cellular 1/1 
(config-cellular 1/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order: 


cdma activate otasp on page 1063 
reset on page 1064 
resource pool-member <name> on page 1065 


snmp trap link-status on page 1066 
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cdma activate otasp 


Use the cdma activate otasp command to activate the cellular interface. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the cellular interface is disabled. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example activates cellular interface 1/1: 


(config)#interface cellular 1/1 
(config-cellular-1/1)#cdma activate otasp 
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reset 


Use the reset command to reboot the cellular network interface module (NIM). 


Syntax Description 





No subcommanas. 


Default Values 





No default values are associated with this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example reboots the NIM associated with cellular interface 1/1: 


(config)#interface cellular 1/1 
(config-cellular-1/1)#reset 
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resource pool-member <name> 


Use the resource pool-member command to configure the cellular interface as a resource pool member 
for the demand interface to draw upon when connecting to the cellular network. Use the no form of this 
command to remove the interface from the resource pool. Variations of this command include: 


resource pool-member <name> 
resource pool-member <name> <priority> 


Syntax Description 





<name> Specifies the resource pool to which the cellular interface is assigned. 


<priority> Optional. Specifies the priority this interface is given over other interfaces in 
the same pool. Range is 1 to 255. 


Default Values 





By default, the cellular interface is not associated with any resource pools. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





Lower priority values indicate a higher priority. Interfaces within the same resource pool with the same 
priority are selected as resources in alphabetical order by interface name. 


Usage Examples 





The following example configures interface cellular 1/1 as a member of the cellular resource pool: 


(config)#interface cellular 1/1 
(config-cellular 1/1)#resource pool-member cellular 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable object identifier (OID) is enabled for all interfaces except virtual 
Frame Relay interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 

Release 17.2 Command was expanded to the cellular interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on interface cellular 1/1: 


(config)#interface cellular 1/1 
(config-cellular 1/1)#no snmp trap link-status 
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DDS INTERFACE CONFIGURATION COMMAND SET 


To activate the DDS Interface Configuration mode, enter the interface dds command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface dds 1/1 
(config-dds 1/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


clock rate on page 1068 

clock source on page 1069 
data-coding scrambled on page 1070 
loopback on page 1071 
remote-loopback on page 1072 

snmp trap on page 1073 

snmp trap link-status on page 1074 
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clock rate 


Use the clock rate command to configure the data rate used as the operating speed for the interface. This 
rate should match the rate required by the DDS service provider. Use the no form of this command to 
return to the default value. Variations of this command include: 


clock rate auto 
clock rate bps56k 
clock rate bps64k 


Syntax Description 





auto Automatically detects the clock rate and sets to match. 
bps56k Sets the clock rate to 56 kbps. 
bps64k Sets the clock rate to 64 kbps. 


Default Values 





By default, the rate is set to auto. 


Command History 


Release 1.1 Command was introduced. 


Functional Notes 





When operating at 64 kbps (clear channel operation), the DTE data sequences may mimic network loop 
maintenance functions and erroneously cause other network elements to activate loopbacks. Use the 
data-coding scrambled command to prevent such occurrences. Refer to data-coding scrambled on page 
1070 for related information. 


Usage Examples 





The following example configures the clock rate for 56 kbps operation: 


(config)#interface dds 1/1 
(config-dds 1/1)#clock rate bps56k 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1068 


Command Reference Guide DDS Interface Configuration Command Set 





clock source 


Use the clock source command to configure the source timing used for the interface. The clock specified 
using the clock source command is also the system master clock. Use the no form of this command to 
return to the default value. Variations of this command include: 


clock source internal 
clock source line 


Syntax Description 





internal Configures the unit to provide clocking using the internal oscillator. 
line Configures the unit to recover clocking from the DDS circuit. 


Default Values 





By default, the clock source is set to line. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





When operating on a DDS network, the clock source should be line. On a point-to-point private network, 
one unit must be line and the other internal. 


Usage Examples 





The following example configures the unit to recover clocking from the circuit: 


(config)#interface dds 1/1 
(config-dds 1/1)#clock source line 
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data-coding scrambled 


Use the data-coding scrambled command to enable the DDS OS scrambler to combine user data with 
pattern data to ensure user data does not mirror standard DDS loop codes. The scrambler may only be used 
on 64 kbps circuits without Frame Relay signaling (clear channel). Use the no form of this command to 
return to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the scrambler is disabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





When operating at 64 kbps (clear channel operation), there is a possibility the DTE data sequences may 
mimic network loop maintenance functions and erroneously cause other network elements to activate 
loopbacks. Use the data-coding scrambled command to prevent such occurrences. Do not use this 
command if using Frame Relay or if using PPP to another device other than an AOS product also running 
scrambled. 


Usage Examples 





The following example enables the DDS OS scrambler: 


(config)#interface dds 1/1 
(config-dds 1/1)#data-coding scrambled 
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loopback 


Use the loopback command to initiate a specified loopback on the interface. Use the no form of this 
command to deactivate the loop. Variations of this command include: 


loopback dte 
loopback line 
loopback remote 


Syntax Description 





dte Initiates a loop to connect the transmit and receive path through the unit. 


line Initiates a loop of the DDS circuit toward the network by connecting the 
transmit path to the receive path. 


remote Transmits a DDS loop code over the circuit to the remote unit. In response, 
the remote unit should initiate a line loopback. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example activates a line loopback on the DDS interface: 


(config)#interface dds 1/1 
(config-dds 1/1)#loopback line 
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remote-loopback 


Use the remote-loopback command to configure the interface to respond to loopbacks initiated by a 
remote unit (or the service provider). Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces respond to remote loopbacks. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables remote loopbacks on the DDS interface: 


(config)#interface dds 1/1 
(config-dds 1/1)#remote-loopback 
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snmp trap 


Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) 
traps on the interface. Use the no form of this command to return to disable this trap. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps 
enabled. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include port channel and VLAN interfaces. 

Release 8.1 Command was expanded to the ATM interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example enables SNMP capability on the DDS interface: 


(config)#interface dds 1/1 
(config-dds 1/1)#snmp trap 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all supported interfaces except virtual Frame 
Relay interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the DDS interface: 


(config)#interface dds 1/1 
(config-dds 1/1)#no snmp trap link-status 
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DSX-1 INTERFACE CONFIGURATION COMMAND SET 


To activate the DSX-1 Interface Configuration mode, enter the interface t1 command (and specify the 
DSX-1 port) at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface t1 1/2 
(config-t1 1/2)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


coding on page 1076 

framing on page 1077 

line-length <value> on page 1078 
loopback network on page 1079 

loopback remote line inband on page 1080 
remote-loopback on page 1081 
signaling-mode on page 1082 

snmp trap link-status on page 1083 
test-pattern on page 1084 
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coding 


Use the coding command to configure the line coding for a DSX-1 physical interface. This setting must 
match the line coding supplied on the circuit by the PBX. Use the no form of this command to return to the 
default setting. Variations of this command include: 


coding ami 
coding b8zs 


Syntax Description 





ami Configures the line coding for alternate mark inversion (AMI). 
b8zs Configures the line coding for bipolar eight zero substitution (B8ZS). 


Default Values 





By default, all DSX-1 interfaces are configured with B8ZS line coding. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The line coding configured in the unit must match the line coding of the DSX-1 circuit. A mismatch will 
result in line errors (e.g., BPVs). 


Usage Examples 





The following example configures the DSX-1 interface for AMI line coding: 


(config)#interface t1 1/2 
(config-t1 1/2)#coding ami 
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framing 


Use the framing command to configure the framing format for the DSX-1 interface. This parameter 
should match the framing format set on the external device. Use the no form of this command to return to 
the default value. Variations of this command include: 


framing d4 
framing esf 


Syntax Description 





d4 Specifies D4 superframe (SF) format. 
esf Specifies extended superframe (ESF) format. 


Default Values 





By default, the framing format is set to esf. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





A frame is comprised of a single byte from each of the T1’s timeslots; there are 24 timeslots on a single T1 
circuit. Framing bits are used to separate the frames and indicate the order of information arriving at the 
receiving equipment. D4 and ESF are two methods of collecting and organizing frames over the circuit. 


Usage Examples 





The following example configures the DSX-1 interface for D4 framing: 


(config)#interface t1 1/2 
(config-t1 1/2)#framing d4 
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line-length <va/ue> 


Use the line-length command to set the line build out (in feet or dB) for the DSX-1 interface. Use the no 
form of this command to return to the default value. 


Syntax Description 


<value> Configures the line build out for the DSX-1 interface. Valid options include: 
-7.5 GB or 0 to 655 feet. Use the -7.5 dB option for maximum attenuation. 


Default Values 





By default, the line build out is set to 0 feet. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The line-length value represents the physical distance between DSX equipment (measured in cable 
length). Based on this setting, the AOS device increases signal strength to compensate for the distance 
the signal must travel. Valid distance ranges are listed below: 


* Oto 133 feet 

* 134 to 265 feet 
* 266 to 399 feet 
* 400 to 533 feet 
* 5834 to 655 feet 


Usage Examples 





The following example configures the DSX-1 interface line-length for 300 feet: 


(config)#interface t1 1/2 
(config-t1 1/2)#line-length 300 
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loopback network 


Use the loopback network command to initiate a loopback on the interface toward the network. Use the 
no form of this command to deactivate the loopback. Variations of this command include: 


loopback network line 
loopback network payload 


Syntax Description 





line Initiates a metallic loopback of the physical DSX-1 network interface. 
payload Initiates a loopback of the T1 framer (CSU portion) of the DSX-1 network 
interface. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The following diagram depicts the difference between a line and payload loopback. 





T1 Network Interface 











Payload Loopback 
Line Loopback 





Usage Examples 


The following example initiates a payload loopback of the DSX-1 interface: 


(config)#interface t1 1/2 
(config-t1 1/2)#loopback network payload 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1079 


Command Reference Guide DSX-1 Interface Configuration Command Set 





loopback remote line inband 
Use the loopback remote line inband command to send a loopback code to the remote unit to initiate a 


line loopback. Use the no form of this command to send a loopdown code to the remote unit to deactivate 
the loopback. 


Syntax Description 





inband Uses the inband channel to initiate a full 1.544 Mbps physical (metallic) 
loopback of the signal received by the remote unit from the network. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





A remote loopback can only be issued if a cross-connect does not exist on the interface and if the signaling 
mode is set to none. The following diagram depicts the difference between a line and payload loopback. 





T1 Network Interface 











Line Loopback 





Usage Examples 





The following example initiates a remote line loopback using the inband channel: 


(config)#interface t1 1/2 
(config-t1 1/2)#loopback remote line inband 
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remote-loopback 


Use the remote-loopback command to configure the interface to respond to loopbacks initiated by a 
remote unit (or the service provider). Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces respond to remote loopbacks. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables remote loopbacks on the DSX-1 interface: 


(config)#interface t1 1/2 
(config-t1 1/2)#remote-loopback 
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signaling-mode 


Use the signaling-mode command to configure the signaling type (robbed-bit for voice or clear channel 
for data) for the DSOs mapped to the DSX-1 port. Use the no form of this command to return to the default 
setting. Variations of this command include: 


signaling-mode message-oriented 
signaling-mode none 
signaling-mode robbed-bit 


Syntax Description 





message-oriented Specifies clear channel signaling on Channel 24 only. Use this signaling 
type with QSIG installations. 


none Specifies clear channel signaling on all 24 DSOs. Use this signaling type 
with data-only or PRI DSX-1 installations. 


robbed-bit Specifies robbed bit signaling on all DSOs. Use this signaling type for 
voice-only DSX-1 applications. 


Default Values 


By default, the signaling mode is set to robbed-bit. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 
The following example configures the DSX-1 port for PRI compatibility: 


(config)#interface t1 1/2 
(config-t1 1/2)#signaling-mode none 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the DSX-1 interface: 


(config)#interface t1 1/2 
(config-t1 1/2)#no snmp trap link-status 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1083 


Command Reference Guide DSX-1 Interface Configuration Command Set 





test-pattern 


Use the test-pattern command to activate the built-in pattern generator and begin sending the specified 
test pattern. This pattern generation can be used to verify a data path when used in conjunction with an 
active loopback. Use the no form of this command to cease pattern generation. Variations of this command 
include: 


test-pattern ones 
test-pattern zeros 


Syntax Description 





ones Generates a test pattern of continous ones. 
zeros Generates a test pattern of continous zeros. 


Default Values 





No default values are necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example activates the pattern generator for a stream of continuous ones: 


(config)#interface t1 1/2 
(config-t1 1/2)#test-pattern ones 
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E1 INTERFACE CONFIGURATION COMMAND SET 


To activate the El Interface Configuration mode, enter the interface el command (and specify the El 
port) at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface e1 1/1 
(config-e1 1/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


clock source on page 1086 

coding on page 1087 

framing crc4 on page 1088 
loop-alarm-detect on page 1089 
loopback network on page 1090 
loopback remote v54 on page 1091 
remote-alarm on page 1092 
remote-loopback on page 1093 
sa4tx-bit <value> on page 1094 
snmp trap line-status on page 1095 
snmp trap link-status on page 1096 
snmp trap threshold-reached on page 1097 
tdm-group <number> on page 1098 
test-pattern on page 1099 

ts16 on page 1100 
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clock source 


Use the clock source command to configure the source timing used for the interface. Use the no form of 
this command to return to the default value. Variations of this command include: 


clock source internal 
clock source line 
clock source through 


Syntax Description 





internal 
line 
through 


Default Values 


Configures the unit to provide clocking using the internal oscillator. 
Configures the unit to recover clocking from the E1 circuit. 


Configures the unit to recover clocking from the circuit connected to the 
G.703 interface. 





By default, the unit is configured to recover clocking from the primary circuit. 


Command History 


Release 5.1 


Functional Notes 


Command was introduced. 





When operating on a circuit that is providing timing, setting the clock source to line can avoid errors such 


as Clock Slip Seconds (CSS). 


Usage Examples 





The following example configures the unit to recover clocking from the primary circuit: 


(config)#interface e1 1/1 


(config-e1 1/1)#clock source line 
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coding 


Use the coding command to configure the line coding for the El physical interface. This setting must 
match the line coding supplied on the circuit by the service provider. Use the no form of this command to 
return to the default setting. Variations of this command include: 


coding ami 
coding hdb3 


Syntax Description 





ami Configures the line coding for alternate mark inversion (AMI). 
hdb3 Configures the line coding for high-density bipolar 3 (HDB3). 


Default Values 





By default, all E1 interfaces are configured with HDBS line coding. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The line coding configured in the unit must match the line coding of the E1 circuit. A mismatch will result in 
line errors (e.g., BPVs). 


Usage Examples 





The following example configures the E1 interface for AMI line coding: 


(config)#interface e1 1/1 
(config-e1 1/1)#coding ami 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1087 


Command Reference Guide E1 Interface Configuration Command Set 





framing crc4 
Use the framing command to configure the framing format for the El interface. This parameter should 


match the framing format provided by the service provider or external device. Use the no form of this 
command to return to the default value. 


Syntax Description 





crc4 Enables CRC-4 bits to be transmitted in the outgoing data stream. Also, the 
received signal is checked for CRC-4 errors. 


Default Values 
By default, CRC-4 is disabled. 





Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The framing value must match the configuration of the E1 circuit. A mismatch will result in a loss of frame 
alarm. 


Usage Examples 





The following example configures the E1 interface for CRC-4 framing: 


(config)#interface e1 1/1 
(config-e1 1/1)#framing crce4 
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loop-alarm-detect 


The loop-alarm-detect command enables detection of a loop alarm on the E1 interface. Use the no form 
of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is enabled. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





This command enables the detection of a loopback alarm. This alarm works in conjunction with the 
sa4tx-bit command setting. The loopback condition is detected by comparing the transmitted sa4tx-bit 
value to the received Saé4 bit value. If the bits match, a loopback is assumed. This detection method only 
works with a network in which the far end is transmitting the opposite value for Sa4. 


Usage Examples 





The following example enables detection of a loop alarm on the E1 interface: 


(config)#config e1 1/1 
(config-e1 1/1)#loop-alarm-detect 
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loopback network 


Use the loopback network command to initiate a loopback on the interface toward the network. Use the 
no form of this command to deactivate the loopback. Variations of this command include: 


loopback network line 
loopback network payload 


Syntax Description 





line Initiates a metallic loopback of the physical E1 network interface. 
payload Initiates a loopback of the E1 framer (CSU) portion of the E1 network 
interface. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The following diagram depicts a line loopback. 
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Usage Examples 


The following example initiates a line loopback of the E1 interface: 


(config)#interface e1 1/1 
(config-e1 1/1)#loopback network line 
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loopback remote v54 


The loopback remote v54 command initiates an El remote loopback test (with a V.54 loopback pattern). 
Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





This command causes a V.54 inband loop code to be sent in the payload towards the far end. 


Usage Examples 





The following example sends a V.54 inband loop code to the far end: 


(config)#interface e1 1/1 
(config-e1 1/1)#loopback remote v54 
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remote-alarm 


The remote-alarm command selects the alarm signaling type to be sent when a loss of frame is detected 
on the El receive signal. Use the no form of this command to disable all transmitted alarms. Variations of 
this command include: 


remote-alarm rai 
remote-alarm ais 


Syntax Description 





rai Specifies sending a remote alarm indication (RAI) in response to a loss of 
frame. Also prevents a received RAI from causing a change in interface 
operational status. 


ais Sends an alarm indication signal (AIS) as an unframed all-ones signal. 


Default Values 


The default for this command is RAI. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





An E1 will respond to a loss of frame on the receive signal by transmitting a remote alarm to the far end to 
indicate the error condition. TSO of an E1 contains the Frame Alignment Signal (FAS) in the 
even-numbered frames. The odd-numbered frames are not used for frame alignment, and some of those 
bits are labeled as spare bits (Sa bits) in bit positions 4 through 8. 


Usage Examples 


The following example enables transmission of AIS in response to a loss of frame: 


(config)#interface e1 1/1 
(config-e1 1/1)#remote-alarm ais 
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remote-loopback 


Use the remote-loopback command to configure the interface to respond to loopbacks initiated by a 
remote unit (or the service provider). Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces respond to remote loopbacks. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





This controls the acceptance of any remote loopback requests. When enabled, remote loopbacks are 
detected and cause a loopback to be applied. When disabled, remote loopbacks are ignored. 


Usage Examples 





The following example enables remote loopbacks on the E1 interface: 


(config)#interface e1 1/1 
(config-e1 1/1)#remote-loopback 
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sa4tx-bit <value> 


The sa4tx-bit command selects the Tx value of Sa4 in this El interface. Use the no form of this command 
to return to the default value. 


Syntax Description 


<value> Specifies a 0 or a 1 for the transmit value of the SA4 bit on the E1. 


Default Values 





The default value for this command is 1. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





This command assigns a value to the Tx spare bit in position 4. The odd-numbered frames of TSO are not 
used for frame alignment. Bits in position 4 through 8 are called spare bits. Values of 0 or 1 are accepted. 


TSO odd frame 
Bit position 1 2 3 4 5 6 fe 8 
Bit use 0 1 RAl=1 S S S S S 


Usage Examples 





The following example sets the Tx value of Sa4 to 0: 


(config)#interface e1 1/1 
(config-e1 1/1)#sa4tx-bit 0 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1094 


Command Reference Guide E1 Interface Configuration Command Set 





snmp trap line-status 
Use the snmp trap line-status command to control the Simple Network Management Protocol (SNMP) 


variable dsx1LineStatusChangeTrapEnable (RFC 2495) to enable (or disable) the interface to send SNMP 
traps when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the dsx1LineStatusChangeTrapEnable OID is set to enabled for all interfaces except virtual 
Frame Relay Interfaces. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





The snmp trap line-status command is used to control the RFC 2495 dsx1LineStatusChangeTrapEnable 
OID (OID number 1.3.6.1.2.1.10.18.6.1.17.0). 


Usage Examples 





The following example disables the line-status trap on the T1 interface: 


(config)#interface e1 1/1 
(config-t1 1/1)#no snmp trap line-status 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the E1 interface: 


(config)#interface e1 1/1 
(config-e1 1/1)#no snmp trap link-status 
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snmp trap threshold-reached 


Use the snmp trap threshold-reached command to control the Simple Network Management Protocol 
(SNMP) variable adGenAOSDs1ThresholdReached (adGenAOSDs1-Ext MIB) to enable the interface to 
send SNMP traps when a DS1 performance counter threshold is reached. Use the no form of this command 
to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 
By default, the a4GenAOSDs1ThresholdReached OID is enabled for all interfaces. 





Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example disables SNMP threshold reached trap on the E1 interface: 


(config)#interface e1 1/1 
(config-e1 1/1)#no snmp trap threshold-reached 
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tdm-group <number> 


Use the tdm-group command to create a group of contiguous channels on this interface to be used during 
the cross-connect process. Use the no form of this command to remove configured TDM groups. Refer to 
cross-connect on page 45 for related information. Variations of this command include: 


tdm-group <number> timeslots <value> 
tdm-group <number> timeslots <va/ue> speed [56 | 64] 





dt Changing tdm-group settings could result in service interruption. 





Syntax Description 





<number> Identifies the created TDM group. Valid range is 1 to 255. 


timeslots <value> Specifies the channels to be used in the TDM group. Valid range is 1 to 31. 
The timeslot value can be entered as a single number representing one of 
the 31 E1 channel timeslots or as a contiguous group of channels. (For 
example, 1-10 specifies the first 10 channels of the E1.) 

speed [56 | 64] Optional. Specifies the individual channel rate on the E1 interface to be 
56 or 64 kbps. The default speed is 64 kbps. 56 kbps operation is not 
available on all E1 interfaces. Refer to the Quick Start Guide provided with 
your E1 module to determine whether 56 kbps is valid. 


Default Values 





By default, there are no configured TDM groups. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example creates a TDM group (labeled 5) of 10 channels at 64 kbps each: 


(config)#interface e1 1/1 
(config-e1 1/1)#tdm-group 5 timeslots 1-10 speed 64 
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test-pattern 


Use the test-pattern command to activate the built-in pattern generator and begin sending the specified 
test pattern. This pattern generation can be used to verify a data path when used in conjunction with an 
active loopback. Use the no form of this command to cease pattern generation. Variations of this command 


include: 


test-pattern clear 
test-pattern errors 
test-pattern insert 
test-pattern ones 
test-pattern p215 
test-pattern p220 
test-pattern p511 
test-pattern qrss 
test-pattern zeros 


Syntax Description 





clear 
errors 
insert 
ones 
p215 


p220 


p511 
qrss 
zeros 


Default Values 


Clears the test pattern error count. 

Displays the test pattern error count. 

Inserts an error into the currently active test pattern. 
Generates test pattern of continous ones. 


Generates a pseudorandom test pattern sequence based on a 15-bit shift 
register. 


Generates a pseudorandom test pattern sequence based on a 20-bit shift 
register. 


Generates a test pattern of repeating ones and zeros. 
Generates a test pattern of random ones and zeros. 
Generates test pattern of continous zeros. 





No default values are necessary for this command. 


Command History 





Release 5.1 


Usage Examples 


Command was introduced. 





The following example activates the pattern generator for a stream of continuous ones: 


(config)#interface e1 1/1 


(config-e1 1/1)#test-pattern ones 





60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 1099 


Command Reference Guide E1 Interface Configuration Command Set 





ts16 


Use the ts16 command to enable timeslot 16 multiframe to be checked on the receive signal. Use the no 
form of this command to disable timeslot 16. 


Syntax Description 


No subcommanads. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





If timeslot 16 is used on the incoming E1, do not map timeslot 16 using the tdm-group command. By 
default, all timeslots not physically mapped using the tdm-group command are passed through to the 
G.703 interface. Leaving timeslot 16 unmapped makes it available for multiframe signaling by the 
connected E1 device. 


Usage Examples 





The following example enables timeslot 16 multiframing: 


(config)#interface e1 1/1 
(config-e1 1/1)#ts16 
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ETHERNET INTERFACE CONFIGURATION COMMAND SET 


There are four types of Ethernet interfaces associated with AOS: 


¢ Basic Ethernet interfaces (e.g., eth 0/1) 

¢ Gigabit Ethernet interfaces (e.g., giga-eth 0/3) 

e Ethernet subinterfaces associated with a VLAN (e.g., eth 0/1.1) 

¢ Switchport interfaces which are only available on specific platforms (e.g., swx 0/1) 

¢ Gigabit Switchport interfaces which are only available on specific platforms (e.g., giga-swx 0/1) 





Not all platforms have Ethernet subinterfaces, gigabit Ethernet, switchport, or gigabit 
‘ore switchport interfaces available. To see if your unit has this capability, type show interfaces 
at the enable prompt. 





To activate the basic Ethernet Interface Configuration mode, enter the interface ethernet command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface ethernet 0/1 
(config-eth 0/1)# 


To activate the Gigabit Ethernet Interface Configuration mode, enter the interface gigabit-ethernet 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface gigabit-ethernet 0/3 
(config-giga-eth 0/3)# 


To activate the Ethernet subinterface Configuration mode, enter the interface ethernet command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface ethernet 0/1.1 
(config-eth 0/1.1)# 


To activate the Switchport Interface Configuration mode, enter the interface switchport command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface switchport 0/1 
(config-swx 0/1)# 
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To activate the Gigabit Switchport Interface Configuration mode, enter the interface gigabit-switchport 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#interface gigabit-switchport 0/3 
(config-giga-swx 0/3)# 


To activate the Ethernet Configuration mode for a range of Ethernet interfaces, enter the interface range 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#interface range ethernet 0/1, 0/8 
(config-eth 0/1, 0/8)# 





Not all Ethernet commands apply to all Ethernet types. Use the ? command to display a list 
of valid commands. For example: 


>enable 

Password:xxxxx 

#config term 

(config )#interface ethernet 0/1 


‘wore (config-eth 0/1)#? 


access-policy - Assign access control policy for this interface 
alias - A text name assigned by an SNMUP NMS 

arp - Set ARP commands 

bandwidth - Set bandwidth informational parameter 
bridge-group - Assign the current interface to a bridge group 
ete... 








The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1104 
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arp arpa on page 1105 

awcp on page 1106 

bandwidth <value> on page 1107 
bridge-group <number> on page 1108 
bridge-group <number> vlan-transparent on page 1109 
channel-group <number> mode on on page 1110 
crypto map <name> on page 1111 
dynamic-dns on page 1113 

encapsulation 802.1q on page 1115 
full-duplex on page 1116 

half-duplex on page 1117 

ip commands begin on page 1118 

lldp receive on page 1157 

lldp send on page 1158 

mac-address <mac address> on page 1160 
max-reserved-bandwidth <value> on page 1161 
media-gateway ip on page 1162 

mtu <size> on page 1163 

port-auth auth-mode on page 1164 

port-auth control-direction on page 1165 
port-auth multiple-hosts on page 1166 
port-auth port-control on page 1167 

power inline on page 1168 

qos-policy on page 1169 

gos on page 1171 

rtp quality-monitoring on page 1172 

snmp trap on page 1173 

snmp trap link-status on page 1174 
spanning-tree commands begin on page 1175 
speed on page 1182 

storm-control on page 1183 

storm-control action shutdown on page 1185 
switchport commands begin on page 1186 
traffic-shape rate <value> on page 1203 
vlan-id <vlan id> on page 1204 

vrrp <number> on page 1205 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case-sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





To assign an access policy to an interface, enter the interface configuration mode for the desired interface 
and enter access-policy <policy name>. 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
the Ethernet 0/1 interface: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with the Ethernet 0/1 interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#access-policy Private 
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arp arpa 


Use the arp arpa command to set ARPA as the standard address resolution protocol (ARP) on this 
interface. Use the no form of this command to return to the default setting. 


Syntax Description 


No subcommanads. 


Default Values 





The default for this command is arpa. 


Command History 





Release 3.1 Command was introduced. 


Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 


Usage Examples 





The following example enables standard ARP for the Ethernet interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#arp arpa 
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awcp 


Use the awcp command to enable ADTRAN Wireless Control Protocol (AWCP) on this interface. The 
AWCP is an ADTRAN proprietary protocol used by an access controller (AC) to communicate with an 
access point (AP). Use the no form of this command to disable AWCP for this interface. 


Syntax Description 





No subcommanas. 


Default Values 
By default, AWCP is enabled on the interface. 





Command History 





Release 15.1 Command was introduced. 


Functional Notes 





When the global-level command dot11ap access-point-controller (refer to page 660 for more 
information) is enabled, the AWCP function can be disabled on a specific interface by using the no form of 
this command from the desired interface. When the global-level command 

dot11ap access-point-controller is disabled, it overrides the awcp command setting for the interface. 


Usage Examples 





The following example disables AWCP on Ethernet interface 0/1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#no awcp 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default value. 


Syntax Description 
<value> Specifies bandwidth in kbps. Range is 1 to 4,294,967,295 kbps. 


Default Values 





To view default value, use the show interfaces command. 


Command History 





Release 3.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher-level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of the Ethernet 0/1 interface to 10 Mbps: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#bandwidth 10000 
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bridge-group <number> 


Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of 
this command to remove the interface from the bridge group. 


Syntax Description 


<number> Specifies the bridge group (by number) to which to assign this interface. 
Range is 1 to 255. 


Default Values 





By default, there are no configured bridge groups. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





A bridged network can provide excellent traffic management to reduce collisions and limit the amount of 
bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can 
be bridged (e.g., Ethernet to T1 bridge, Ethernet to Frame Relay subinterface). 


Usage Examples 





The following example assigns the Ethernet interface to bridge-group 17: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#bridge-group 17 
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bridge-group <number> vian-transparent 


Use the bridge-group vlan-transparent command to prevent an interface from removing the VLAN tag. 
Use the no form of this command to allow the interface to remove the VLAN tag from the packet. 





Wor The bridge-group vlan-transparent command is not a global command. The command 


must be applied on all interfaces of the bridge group. 





Syntax Description 





<number> Specifies the bridge group number. Valid range is 1 to 255. 


Default Values 


By default, VLAN tags are removed from the data. 


Command History 





Release 12.1 Command was introduced. 


Release 14.1 Command was expanded to include the HDLC interface and Frame Relay 
subinterface. 


Usage Examples 





The following example removes the VLAN tags from the packets on the Ethernet interface 0/1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#bridge-group 1 vian-transparent 
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channel-group <number> mode on 


Use the channel-group mode on command to statically add the interface to a channel-group. To remove 
an interface from a channel-group, use the no version of this command. 


Syntax Description 


<number> Specifies the channel-group number. Range is 1 to 6. 


Default Values 





By default, the interface is not part of a channel group. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





There can be up to six channel groups with 2-8 interfaces per group. Dynamic protocols are not yet 
supported (only static). A physical interface can be a member of only one channel group. 


Usage Examples 





The following example adds the Ethernet 0/1 interface to channel group 1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#channel-group 1 mode on 
(config-eth 0/1)# 
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crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps which 
share the same name but have different map index numbers. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Specifies the crypto map name that you wish to assign to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 4.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Functional Notes 


When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep 
the following notes in mind. 


When defining the policy class and associated access-control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted) it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local side, 
unencrypted source of the data. The destination information will be the far end, unencrypted destination of 
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy 
class is the far end. The destination information is the local side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to the Ethernet interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#crypto map MyMap 
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dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the host name for the server that updates the dynamic domain 
name server (DNS). 


<minutes> Specifies the intervals in minutes to update the server with information 
(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


<username> Specifies the user name. 
<password> Specifies the password. 
Refer to Functional Notes below for additional argument descriptions. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNS“ service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
you to manage IP address mappings (A records), domain aliases (CNAME records), and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services, Inc. (DynDNS.org) allows you to 
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more 
easily accessed from various locations on the Internet. This service is provided for up to five host names. 


dyndns-custom - DynDNS.org's Custom DNSSM service provides a full DNS solution, giving you 
complete control over an entire domain name. A Web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 
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A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for most common configurations and allows for easy creation of most common record types. 
The advanced interface is designed for system administrators with a solid DNS background, and provides 
layout and functionality similar to a BIND zone file allowing for the creation of nearly any record type. 


Custom DNSSM can be used with both static and dynamic IPs, and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSS service in that it 
allows a host name, such as yourname.dyndns.org, to point to your IP address. Unlike a Dynamic DNS 
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to 
propagate through the DNS system. This service is provided for up to five host names. 


If your IP address does not change often or at all, but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
that also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the dynamic DNS to dyndns-custom with host name host, user’s name user, 
and password pass: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#dynamic-dns dyndns-custom host user pass 
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encapsulation 802.1q 


Use the encapsulation 802.1q command to put the interface into 802.1q (VLAN) mode. 


Syntax Description 





No subcommanas. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example puts Ethernet interface 0/1 in 802.1q mode and configures a subinterface for VLAN 
usage: 


config)#interface ethernet 0/1 
config-eth 0/1)#encapsulation 802.1q 
config-eth 0/1)#interface ethernet 0/1.1 
config-eth 0/1.1)#vlan-id 3 


aN aN 
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full-duplex 
Use the full-duplex command to configure the Ethernet interface for full-duplex operation. This allows the 


interface to send and receive simultaneously. Use the no form of this command to return to the default 
half-duplex operation. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all Ethernet interfaces are configured for half-duplex operation. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Full-duplex Ethernet is a variety of Ethernet technology currently being standardized by the IEEE. Because 
there is no official standard, vendors are free to implement their independent versions of full-duplex 
operation. Therefore, it is not safe to assume that one vendor’s equipment will work with another. 


Devices at each end of a full-duplex link have the ability to send and receive data simultaneously over the 
link. Theoretically, this simultaneous action can provide twice the bandwidth of normal (half-duplex) 
Ethernet. To deploy full-duplex Ethernet, each end of the link must only connect to a single device (a 
workstation or a switched hub port). With only two devices on a full-duplex link, there is no need to use the 
medium access control mechanism (to share the signal channel with multiple stations) and listen for other 
transmissions or collisions before sending data. 





Some Ethernet equipment (though rare) is unable to negotiate duplex if speed is manually 


‘one determined. To avoid incompatibilities, manually set the duplex if the speed is manually set. 
Refer to speed on page 1182 for more information. 





The 10BaseT, 100BaseTX, and 100BaseFX signalling systems support full-duplex operation (because 
they have transmit and receive signal paths that can be simultaneously active). 


Usage Examples 





The following example configures the Ethernet interface for full-duplex operation: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#full-duplex 
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half-duplex 
Use the half-duplex command to configure the Ethernet interface for half-duplex operation. This setting 


allows the Ethernet interface to either send or receive at any given moment, but not simultaneously. Use 
the no form of this command to disable half-duplex operation. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all Ethernet interfaces are configured for half-duplex operation. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Half-duplex Ethernet is the traditional form of Ethernet that employs the Carrier Sense Multiple 
Access/Collision Detect (CSMA/CD) protocol to allow two or more hosts to share a common transmission 
medium while providing mechanisms to avoid collisions. A host on a half-duplex link must “listen” on the 
link and only transmit when there is an idle period. Packets transmitted on the link are broadcast (so it will 
be “heard” by all hosts on the network). In the event of a collision (two hosts transmitting at once), a 
message is sent to inform all hosts of the collision and a backoff algorithm is implemented. The backoff 
algorithm requires the station to remain silent for a random period of time before attempting another 
transmission. This sequence is repeated until a successful data transmission occurs. 


Some Ethernet equipment (though rare) is unable to negotiate duplex if speed is 
‘one manually determined. To avoid incompatibilities, manually set the duplex if the speed 


is manually set. Refer to speed on page 1182 for more information. 





Usage Examples 





The following example configures the Ethernet interface for half-duplex operation: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#half-duplex 
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ip access-group <name> 


Use the ip access-group command to create an access control list to be used for packets transmitted on or 
received from the specified interface. Use the no form of this command to disable this type of control. 
Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Assigns IP access control list name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 





The following example sets up the router to only allow Telnet traffic (as defined in the user-configured 
TelnetOnly IP access control list) into the Ethernet interface: 


config)#ip access-list extended TelnetOnly 
config-ext-nacl)#permit tcp any any eq telnet 
config-ext-nacl)#interface ethernet 0/1 
config-eth 0/1)#ip access-group TelnetOnly in 
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ip address dhcp 


Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an 
address on the interface. Use the no form of this command to remove a configured IP address (using 
DHCP) and disable DHCP operation on the interface. Variables that may be used with this command to 
further define the DHCP configuration include: 


ip address dhcp client-id [<interface> | <identifier>] [hostname <‘string’>] [track <name>] 
[<administrative distance>] 

ip address dhcp hostname <‘“string’> [no-default-route | no-domain-name | no-nameservers] 
[track <name>] [<administrative distance>] 

ip address dhcp [no-default-route | no-domain-name | no-nameservers] [track <name>] 
[<administrative distance>] 

ip address dhcp track <name> [<administrative distance>] 


Syntax Description 





<administrative distance> Optional. Specifies the administrative distance to use when adding the 
DHCP gateway into the route table. It is used to determine the best route 
when multiple routes to the same destination exist. The smaller the 
administrative distance the more reliable the route. Range is 1 to 255. 


client-id Optional. Specifies the client identifier used when obtaining an IP address 
from a DHCP server. 


<interface> Specifies an interface, thus defining the client identifier as the hexadecimal 
MAC address of the specified interface (including a hexadecimal number 
added to the front of the MAC address to identify the media type). 


For example, specifying the client-id ethernet 0/1 (where the Ethernet 
interface has a MAC address of d217.0491.1150) defines the client 
identifier as 01:d2:17:04:91:11:50 (where 01 defines the media type as 
Ethernet). Refer to hardware-address on page 2550 for a detailed listing of 
media types. 

<identifier> Specifies a custom client-identifier using a text string (that is converted to a 
hexadecimal equivalent) or 7 to 28 hexadecimal numbers (with colon 
delimiters). 
For example, a custom client identifier of Of:ff:ff:ff:ff:51 :04:99:a1 may be 
entered using the <identifier> option. 

hostname <‘“string’> Optional. Specifies a text string (to override the global router name) to use 
as the name in the DHCP option 12 field. The string is enclosed in quotation 
marks and can consist of up to 35 characters. 


no-default-route Optional. Specifies that no default route is obtained via DHCP. 
no-domain-name Optional. Specifies that no domain name is obtained via DHCP. 
no-nameservers Optional. Specifies that no DNS servers are obtained via DHCP. 

track <name> Optional. Attaches a network monitoring track to the DHCP client. The 


DHCP gateway route for this client will only reside in the route table while 
the track is in the pass state. For more information on configuring track 
objects, refer to track <name> on page 947. 
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Default Values 





<administrative distance> 
client-id 


hostname <‘“string’> 


Command History 


Release 2.1 
Release 8.1 
Release 13.1 


By default, the administrative distance value is 1. 

Optional. By default, the client identifier is populated using the following 
formula: 

TYPE: INTERFACE SPECIFIC INFO : MAC ADDRESS 

Where TYPE specifies the media type in the form of one hexadecimal byte 
(refer to hardware-address on page 2550 for a detailed listing of media 
types), and the MAC ADDRESS is the Media Access Control (MAC) 
address assigned to the first Ethernet interface in the unit in the form of six 
hexadecimal bytes. (For units with a single Ethernet interface, the MAC 
ADDRESS assigned to Ethernet 0/1 is used in this field). 

INTERFACE SPECIFIC INFO is only used for Frame Relay interfaces and 
can be determined using the following: 

FR_PORT#: Q.922 ADDRESS 

Where the FR_PORT# specifies the label assigned to the virtual Frame 
Relay interface using four hexadecimal bytes. For example, a virtual Frame 
Relay interface labeled 1 would have a FR_PORT# of 00:00:00:01. 

The Q.922 ADDRESS field is populated using the following: 


8 7 6 5 4 3 2. 


DLCI (high order) 





DLCI (lower) [FECN BECN DE | EA 





Where the FECN, BECN, C/R, DE, and high order extended address (EA) 
bits are assumed to be 0 and the lower order EA bit is set to 1. 


The following list provides a few example DLCls and associated Q.922 
address: 
DLCI (decimal) / Q.922 address (hex) 

16 / 0x0401 

50 / 0x0C21 

60 / Ox0CC1 

70 / 0x1061 

80 / 0x1401 


By default, the host name is the name configured using the Global 
Configuration hostname command. 


Command was introduced. 
Command was expanded to include ATM subinterface. 
Command was expanded to include track and administrative distance. 
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Functional Notes 





DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on 
the network. Many Internet Service Providers (ISPs) require the use of DHCP when connecting to their 
services. Using DHCP reduces the number of dedicated IP addresses the ISP must obtain. Consult your 
ISP to determine the proper values for the client-id and hostname fields. 


Usage Examples 





The following example enables DHCP operation on the Ethernet interface 0/1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip address dhcp 


The following example enables DHCP operation on the Ethernet interface 0/1 utilizing hostname adtran 
and does not allow obtaining a default route, domain name, or nameservers. It also sets the administrative 
distance as 5: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip address dhcp hostname “adtran” no-default-route no-domain-name 
no-nameservers 5 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface (only one primary address 
is allowed). Use the optional secondary keyword to define a secondary IP address. Use the no form of this 
command to remove a configured IP address. Variations of this command include: 


ip address <i/p address> <subnet mask> 
ip address <ip address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 


By default, there are no assigned IP addresses. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Functional Notes 





Use secondary IP addresses to allow dual subnets on a single interface (when you need more IP 
addresses than the primary subnet can provide). When using secondary IP addresses, avoid routing loops 
by verifying that all devices on the network segment are configured with secondary IP addresses on the 
secondary subnet. 


Usage Examples 





The following example configures a secondary IP address of 192.22.72.101/30: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip address 192.22.72.101/30 secondary 
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ip dhcp release 


Use the ip dhcp release command to transmit a message to the DHCP server requesting termination of the 
IP address lease on that interface. 





interface, using the ip dhcp release command will terminate your Telnet session and render 
your Telnet capability inoperable until a new IP address is assigned by the DHCP server. 


If you are currently connected to the unit using a Telnet session through the Ethernet 
don 





Syntax Description 





No subcommanas. 


Default Values 


No default values are necessary for this command. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





Dynamic Host Configuration Protocol (DHCP) allows interfaces to acquire a dynamically-assigned IP 
address from a configured DHCP server on the network. Many Internet Service Providers (ISPs) require 
the use of DHCP when connecting to their services. Using DHCP reduces the number of dedicated IP 
addresses the ISP must obtain. 


Usage Examples 
The following example releases the IP address assigned (by DHCP) on the Ethernet interface 0/1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip dhcp release 
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ip dhcp renew 


Use the ip dhcp renew command to transmit a message to the DHCP server requesting renewal of the IP 
address lease on that interface. 


Default Values 


No default values are necessary for this command. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





Dynamic Host Configuration Protocol (DHCP) allows interfaces to acquire a dynamically assigned IP 
address from a configured DHCP server on the network. Many Internet Service Providers (ISPs) require 
the use of DHCP when connecting to their services. Using DHCP reduces the number of dedicated IP 
addresses the ISP must obtain. 


Usage Examples 


The following example renews the IP address assigned (by DHCP) on the Ethernet interface 0/1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip dhcp renew 
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ip directed-broadcast 


Use the ip directed-broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this command. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list name. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an access control list 
with this command. In this case, only directed broadcasts that are permitted by the specified access 
control list will be forwarded, and all other directed broadcasts directed to this interface subnet will be 
dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC2644), with the intended goal of reducing the efficacy of certain types of 
denial-of-service attacks 
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Usage Examples 





The following example enables forwarding of directed broadcasts on the interface ethernet 0/1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip directed-broadcast 
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ip ffe 


Use the ip ffe command to enable the RapidRoute Engine (formerly FFE) on this interface with the default 
number of entries. Use the no form of these commands to disable the FFE. Variations of this command 
include: 


ip ffe max-entries <entries> 





‘ore Issuing this command will cause all FFE entries on this interface to be cleared. 





Syntax Description 





max-entries <entries> Specifies the maximum number of entries stored in the flow table. Valid 
range is from 1 to 8192. 


Default Values 





By default, the FFE is disabled. The default number of max-entries is 4096. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





The FFE can be used to help reduce routing overhead and thus reduce overall routing times. Routing 
times are reduced by the creation of a flow table on the ingress interface. The maximum number of entries 
that can be stored in the flow table at any one time may be specified by using the max-entries 
subcommand. When features such as firewall, VPN, and static filters are enabled, routing time reduction 
may not be realized. 


Usage Examples 





The following example enables the FFE and sets the maximum number of entries in the flow table to 50: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip ffe max-entries 50 


Technology Review 





The RapidRoute system goal is to increase IP packet throughput by moving as much of the packet 
processing into the engine as possible. Packets are classified into flows based upon the IP protocol (TCP, 
UDP, ICMP, etc.), the source and destination IP addresses, IP TOS, and the protocol-specific information 
such as the source and destination port numbers. Flows are defined as the unidirectional representation of 
a conversation between two IP hosts. Each ingress interface keeps its own flow table, a collection of flow 
entries. 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1127 


Command Reference Guide Ethernet Interface Configuration Command Set 





The first packet in a flow that is forwarded through the unit will build a flow entry. When a flow entry is 
looked up but no entry is found, a RapidRouteBuilder object is allocated and attached to the packet. As the 
packet passes through the various processing layers, each subsystem will add processing to the 
RapidRouteBuilder. When packet is about to be forwarded out of the egress interface, the 
RapidRouteBuilder will be finalized. That is, the flow entry being built will be checked for completeness and 
committed to the flow table on the ingress interface. Subsequent flow matches can then bypass the normal 


processing layers. 
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ip flow 


Use the ip flow command to enable Integrated Traffic Monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of the command to disable traffic monitoring. Variations of this 
command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Default Values 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Example 





The following example enables traffic monitoring on an Ethernet interface to monitor incoming traffic 
through an ACL called myacl: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip flow ingress myacl 
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ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





Wor The ip helper-address command must be used in conjunction with the ip forward-protocol 


command to configure AOS to forward UDP broadcast packets. 





Syntax Description 





<ijp address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Functional Notes 


When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign helper address(es) (specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 
1. The packet IP protocol is User Datagram Protocol (UDP). 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 


4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248/30 subnet). 
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Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


(config)#ip forward-protocol udp domain 
(config)#interface ethernet 0/1 
(config-eth 0/1)#ip helper-address 192.33.5.99 
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ip igmp 
Use the ip igmp command to configure multicasting-related functions for the interface. Variations of this 
command include: 


ip igmp immediate-leave 

ip igmp last-member-query-interval <milliseconds> 
ip igmp querier-timeout <seconds> 

ip igmp query-interval <seconds> 

ip igmp query-max-response-time <seconds> 

ip igmp static-group <address> 

ip igmp version [1 | 2] 


Syntax Description 


immediate-leave Specifies that if only one host (or IGMP snooping switch) is connected to 
the interface, when a leave is received, multicast of that group is 
immediately terminated as opposed to sending a group query and timing 
out the group if no device responds. Works in conjunction with ip igmp 
last-member-query-interval. Applies to all groups when configured. 
Use the no form of this command to disable the immediate-leave 
feature. 


last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group 

<milliseconds> receivers remain on an interface after a receiver leaves a group. Ifa 
receiver sends a leave-group message (IGMP Version 2), the router 
sends a group-specific query on that interface. After twice the time 
specified by this command plus as much as one second longer, if no 
receiver responds, the router removes that interface from the group and 
stops sending that group's multicast packets to the interface. Range is 
100 to 65,535 ms. Use the no form of this command to return to the 
default setting. 


querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current 
querier’s last query before it takes over as querier (IGMP V2). Range is 
60 to 300 seconds. Use the no form of this command to return to the 
default setting. 


query-interval Specifies the interval (in seconds) at which IGMP queries are sent on an 

<seconds> interface. Host query messages are addressed to the all-hosts multicast 
group with an IP TTL of 1. The router uses queries to detect whether 
multicast group members are on the interface and to select an IGMP 
designated router for the attached segment (if more than one multicast 
router exists). Only the designated router for the segment sends queries. 
For IGMP V2, the designated router is the router with the lowest IP 
address on the segment. Range is 0 to 65,535 seconds. Use the no 
form of this command to return to the default setting. 


query-max-response-time Specifies the maximum response time (in seconds) advertised by this 

<seconds> interface in queries when using IGMP V2. Hosts are allowed a random 
time within this period to respond, reducing response bursts. Use the no 
form of this command to return to the default setting. 
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Syntax Description 


static-group <address> Configures the router's interface to be a statically-connected member of 
the specified group. Packets received on the correct RPF interface are 
forwarded to this interface regardless of whether any receivers have 
joined the specified group using IGMP. Use the no form of this command 
to remove a configured static group. 


version [1 | 2] Sets the interface’s IGMP version. Use the no form of this command to 
return to the default setting. 





Default Values 





ip igmp immediate-leave No default 

ip igmp last-member-query-interval 1000 milliseconds 

ip igmp querier-timeout 2x the query-interval value 
ip igmp query-interval 60 seconds 

ip igmp query-max-response-time 10 seconds 

ip igmp static-group No default 

ip igmp version Version 1 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example sets the query message interval on the interface to 200 milliseconds: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip igmp last-member-query-interval 200 
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ip mcast-stub downstream 
Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on 


an interface, and to place it in multicast stub downstream mode. Use the no form of this command to 
disable. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments 
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces 
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces 
configured as downstream should have the lowest IP address of all IGMP-capable routers on the 
connected segment in order to be selected as the designated router and ensure proper forwarding. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub upstream on page 1137 for 
more information. 


Usage Examples 





The following example enables multicast forwarding and IGMP on the interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip mcast-stub downstream 
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ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the ip igmp static-group </p address> command to receive multicast traffic without host-initiated Internet 
Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all host-initiated IGMP 
transactions will enter multicast routes on the router’s interface involved with IGMP activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip mcast-stub fixed 
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ip mcast-stub helper-enable 


Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the IGMP 
proxy. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled, 
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and 
the interface becomes the active upstream interface, enabling the unit to perform as an IGMP proxy. Refer 
to jp mcast-stub helper-address <ip address> on page 741, ip mcast-stub downstream on page 1134, and 
jp mcast-stub upstream on page 1137 for more information. 


Usage Examples 





The following example sets the helper address as the IGMP proxy: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip mcast-stub helper-enable 
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ip mcast-stub upstream 


Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in 
multicast stub upstream mode. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a 
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the 
router's unicast route table, the IGMP host function is dynamically enabled and the interface becomes the 
active upstream interface, enabling the router to perform as an IGMP proxy. Though multiple interfaces 
may be candidates, no more than one interface will actively serve as the helper forwarding interface. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub downstream on page 1134 
for more information. 


Usage Examples 





The following example enables multicast forwarding on the interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip mcast-stub upstream 
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ip ospf 


Use the ip ospf command to customize OSPF settings (if needed). Use the no form of these commands to 
return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


dead-interval <seconds> 
hello-interval <seconds> 
priority <value 
retransmit-interval <seconds> 
transmit-delay <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 


Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 
1 to 65,535. 


Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 32,767 
seconds. 


Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 32,767 seconds. 


Configures OSPF Message Digest 5 (MD5) authentication 
(16-byte max) keys. 
Sets the OSPF priority. The value set in this field helps 


determine the designated router for this network. Range is 
0 to 255. 


Specifies the interval (in seconds) between link-state 
advertisements (LSAs). Range is 0 to 32,767 seconds. 


Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 32,767 seconds. 


40 seconds 

10 seconds: Ethernet, point-to-point, Frame Relay, and PPP 
1 

5 seconds 

1 second 





60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 


1138 


Command Reference Guide Ethernet Interface Configuration Command Set 





Command History 





Release 3.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Usage Examples 





The following example specifies an ospf priority of 120 on the Ethernet interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip ospf priority 120 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing OSPF 
authentication. Use the no form of this command to return to the default setting. Variations of this 
command include: 


ip ospf authentication 
ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Selects message-digest authentication type. 
null Optional. Specifies that no authentication is used. 


Default Values 





By default, this is set to null (meaning no authentication is used). 


Command History 





Release 3.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Usage Examples 





The following example specifies that no authentication will be used on the Ethernet interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Sets the network type for broadcast. 
point-to-point Sets the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point. 


Command History 


Release 3.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces 


Functional Notes 


A point-to-point network will not elect designated routers. 


Usage Examples 





The following example designates a broadcast network type: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip ospf network broadcast 
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ip pim sparse-mode 


Use the ip pim sparse-mode command to enable protocol-independent multicast (PIM) sparse mode for 
this interface. Use the no form of this command to disable PIM sparse mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, PIM sparse mode for this interface is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





PIM sparse mode is a multicast routing protocol that makes use of the unicast forwarding table. It builds 
unidirectional shared trees rooted at a Rendezvous Point (RP) for a multicast group or a shortest-path tree 
rooted at a specific source for a multicast group. 


Usage Examples 





The following example enables PIM sparse mode on the interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip pim sparse-mode 
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ip pim-sparse dr-priority <va/ue> 
Use the ip pim-sparse dr-priority command to specify the priority for the designated router (DR). This 


command modifies the routers priority in the DR election process. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Specifies the priority of this interface (to be used when determining the DR). 
Valid range is 1 to 4,294,967,295. 


Default Values 





By default, the priority of all PIM interfaces is 1. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Interfaces advertise their configured priority values in the hello messages transmitted on the interface. 
Routers use the priority values to determine the appropriate DR. The router on the network segment with 
the highest priority is selected as the DR. If a hello message is received on the interface from a router on 
the network segment and it does not contain a priority, the entire network segment defaults to DR selection 
based on IP addresses instead of priority. In this instance, the DR is selected as the router on the network 
segment that has the highest IP address. AOS will always include a priority in all transmitted hello 
messages. If no priority is specifically designated by the user, the priority is set as the default of 1. 


Usage Examples 





The following example specifies a priority of 100 on the Ethernet 0/1 interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip pim-sparse dr-priority 100 
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ip pim-sparse hello-timer <va/ue> 
Use the ip pim-sparse hello-timer command to specify protocol-independent multicast (PIM) sparse hello 


timer period. This is the time interval at which periodic hellos are sent out on all interfaces of a 
PIM-capable router. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the interval (in seconds) at which periodic hellos are sent out of 
the interface. Valid range is 10 to 3600 seconds. 


Default Values 





By default, the hellos are transmitted on PIM interfaces every 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Hello messages are used to inform neighbors of a router’s presence. Hello messages normally generate a 
small amount of traffic on an interface. Setting the hello-timer to a small interval increases the number of 
hellos sent (thus increasing the amount of traffic). Set the hello-timer to a reasonable value, taking into 
consideration the bandwidth available on the interface. 


Usage Examples 





The following example specifies hellos be sent on the Ethernet 0/1 interface every 3600 seconds: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip pim-sparse hello-timer 3600 
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ip pim-sparse nbr-timeout <va/ue> 
Use the ip pim-sparse nbr-timeout command to specify protocol-independent multicast (PIM) sparse 


neighbor timeout. This is the time interval after which a PIM-capable router will consider a neighbor not 
present. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the time interval in seconds after which a neighbor is considered 
not present. Valid range is 30 to 10,800 seconds. 


Default Values 





By default, the nbr-timeout is set to 105 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the nbr-timeout to 300 seconds: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip pim-sparse nbr-timeout 300 
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ip pim-sparse override-interval <va/ue> 
Use the ip pim-sparse override-interval command to specify the protocol-independent multicast (PIM) 


sparse join/prune override interval. This delay interval is the period after a join/prune that another router on 
the LAN may override a join/prune. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the delay time in milliseconds. Valid range is 0 to 
65,535 milliseconds. 


Default Values 





By default, the override interval is set to 2500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the override interval to 3000 milliseconds: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip pim-sparse override-interval 3000 
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ip pim-sparse propagation-delay <va/ue> 
Use the ip pim-sparse propagation-delay command to specify the expected propagation delay for 


join/prune messages. Set the propagation delay (in milliseconds) to estimate the amount of delay found in 
the local link. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the expected propagation delay in the local link in milliseconds. 
Valid range is 0 to 32,767 milliseconds. 


Default Values 





By default, the propagation delay is set to 500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the propagation delay to 300 milliseconds: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip pim-sparse propagation-delay 300 
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ip policy route-map <name> 


Use the ip policy route-map command to assign a policy route-map to this interface. Use the no form of 
this command to remove the route-map policy. 


Syntax Description 


<name> Specifies the name of the policy route map to assign to this interface. 


Default Values 





By default, no policy route map is assigned to this interface. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example assigns the policy route map policy1 to the interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip policy route-map policy1 
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ip proxy-arp 


Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use 
the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Functional Notes 





In general, the principle of proxy-arp allows a router to insert its IP address in the source IP address field of 
a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy ARP is enabled, AOS will respond to all arp requests with its specified MAC address and forward 
packets accordingly. 


Enabling proxy-arp on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following enables proxy ARP on the Ethernet interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip proxy-arp 
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ip rip receive version 


Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets 
received on the interface. Variations of this command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Accepts only RIP version 1 packets received on the interface. 
2 Accepts only RIP version 2 packets received on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 


Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Functional Notes 


Use the ip rip receive version command to specify a RIP version that overrides the version (in the 
Router RIP) configuration. Refer to version on page 2238 for more information. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the Ethernet interface to accept only RIP version 2 packets: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets 
transmitted on the interface. Variations of this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Transmits only RIP version 1 packets on the interface. 
2 Transmits only RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 


Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Functional Notes 


Use the ip rip send version command to specify a RIP version that overrides the version (in the Router 
RIP) configuration. Refer to version on page 2238 for more information. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the Ethernet interface to transmit only RIP version 2 packets: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip rip send version 2 
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ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface eth 0/1 
(config-eth 0/1)#ip rip summary-address 10.10.123.0 255.255.255.0 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1152 


Command Reference Guide Ethernet Interface Configuration Command Set 





ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


WOE Using Network Address Translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP 
route-cache is enabled for all virtual PPP interfaces. 


Command History 





Release 2.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 


Functional Notes 





Fast switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast switching on the Ethernet interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip route-cache 
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ip unnumbered </nterface> 
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP 


processing on the active interface. Use the no form of this command to remove the unnumbered 
configuration. 


Syntax Description 





<interface> Specifies the interface that contains the IP address to use as the source 

address for all packets transmitted on this interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
aT1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a 
PPP interface, use ppp 1; for an ATM subinterface use atm 1.1 and fora 
wireless virtual access point use dot11ap 1/1.1. Type ip unnumbered ? for 
a list of valid interfaces. 


Default Values 





By default, all interfaces are configured to use a specified IP address (using the ip address commana). 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 
Release 11.1 Command was expanded to include demand interfaces. 


Functional Notes 





If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address 
taken from the specified interface. For example, specifying ip unnumbered ppp 1 while in the Ethernet 
Interface Configuration mode configures the Ethernet interface to use the IP address assigned to the PPP 
interface for all IP processing. In addition, AOS uses the specified interface information when sending 
route updates over the unnumbered interface. 


Usage Examples 





The following example configures the Ethernet interface 0/1 to use the IP address assigned to the PPP 
interface (ppp 1): 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip unnumbered ppp 1 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a URL filter to the interface for all inbound or outbound traffic. Use 
the no form of this command to remove the URL filter from an interface. Variations of this command 
include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <filtername> http command before applying it to the interface. 
Refer to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Example 





The following example performs URL filtering on all traffic entering through the Ethernet interface and 
matches the URL filter named MyFilter: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#ip urlfilter MyFilter in 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VRF instance. Use the no form of 
the command to remove the interface from the named VRF instance and assign it to the unnamed default 
VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP related 
UT settings on that interface. 


Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF that is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF but multiple interfaces can be assigned to the same VRF. 


An interface will only forward |P-traffic that matches its associated VRF. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 


Usage Examples 


The following example assigns the eth 0/1 interface to the VRF instance named RED: 


(config)#interface eth 0/1 
(config-eth 0/1)#ip vrf forwarding RED 
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lldp receive 


Use the Ildp receive command to allow LLDP packets to be received on this interface. Use the no form of 
this command to prevent LLDP packets from being received on the interface. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces are configured to send and receive LLDP packets. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example configures Ethernet interface 0/1 to receive LLDP packets: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#Ildp receive 
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lldp send 


Use the Ildp send command to configure this interface to transmit LLDP packets or to control the types of 
information contained in the LLDP packets transmitted by this interface. Use the no form of these 
commands to prevent certain information from being transmitted by the interface. Variations of this 
command include: 


lidp send 802.3-info mac-phy-config 
lidp send management-address 
lldp send med-info network-policy 
lldp send port-description 

lldp send system-capabilities 

lldp send system-description 

lldp send system-name 

Ildp send-and-receive 


Syntax Description 


802.3-info mac-phy-config Enables transmission of the capability and settings of the duplex and speed 
on this interface. 


management-address Enables transmission of management address information on this interface. 
med-info network-policy Enables transmission of LLDP-MED network policy information on the 
interface. 
port-description Enables transmission of port description information on this interface. 
system-capabilities Enables transmission of this device’s system capabilities on this interface. 
system-description Enables transmission of this device’s system description on this interface. 
system-name Enables transmission of this device’s system name on this interface. 
send-and-receive Configures this interface to both transmit and receive LLDP packets. This is 


the default setting. 


Default Values 





By default, all interfaces that support LLDP except routed Ethernet are configured to transmit and receive 
LLDP packets. LLDP is disabled by default on routed Ethernet interfaces. 





‘one The 802.3 MAC/PHY status configuration and LLDP-MED network policy TLVs are only 


supported on switch port interfaces and NetVanta 1524ST Gigabit Ethernet interfaces. 





Command History 





Release 8.1 Command was introduced. 
Release 17.2 Command was expanded to include 802.3 and LLDP-MED information. 
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Functional Notes 





Individual LLDP information can be enabled or disabled using the various forms of the Ildp send 
command. For example, use the Ildp send-and-receive command to enable transmit and receive of all 
LLDP information. Then use the no Ildp send port-description command to prevent LLDP from 
transmitting port description information. 


Usage Examples 





The following example configures Ethernet interface 0/1 to transmit LLDP packets containing all enabled 
information types: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#lldp send 
The following example configures Ethernet interface 0/1 to transmit and receive LLDP packets containing 


all enabled information types: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#Ildp send-and-receive 
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mac-address <mac address> 


Use the mac-address command to specify the Media Access Control (MAC) address of the unit. Only the 
last three values of the MAC address can be modified. The first three values contain the ADTRAN 
reserved number (00:0A:C8) by default. Use the no form of this command to return to the default MAC 
address programmed by ADTRAN. 


Syntax Description 





<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in following format xx:xx:xx:Xx:xx:xx (for example, 00:A0:C8:00:00:01). 


Default Values 





A unique default MAC address is programmed in each unit shipped by ADTRAN. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include Gigabit Ethernet interfaces. 


Usage Examples 
The following example configures a MAC address of 00:0A:C8:5F:00:D2: 





(config)#interface ethernet 0/1 
(config-eth 0/1)#mac-address 00:0A:C8:5F:00:D2 
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max-reserved-bandwidth <va/ue> 


Use the max-reserved-bandwidth command to specify the percentage of interface bandwidth reserved for 
use in user-defined (priority or class-based) queues. The remainder of the interface bandwidth is reserved 
for system critical traffic and is not available to user-defined queues. Use the no form of this command to 
restore the default values. 





proper operation. Specifying the entire interface bandwidth for use in user-defined queues 
can cause undesirable operation. 


Reserving a portion of the interface bandwidth for system critical traffic is necessary for 
cmon 





Syntax Description 





<value> Specifies the maximum percentage of bandwidth to reserve for QoS. This 
setting is configured as a percentage of the total interface speed. Range is 
1 to 100 percent. 


Default Values 





By default, max-reserved-bandwidth is set to 75 percent, which reserves 25 percent of the interface 
bandwidth for system critical traffic. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies 85 percent of the bandwidth on the Ethernet interface 0/1 be available for 
use in user-defined queues: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#max-reserved-bandwidth 85 
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media-gateway ip 


Use the media-gateway ip command to associate an IP address source to use for RTP traffic. When 
configuring VoIP, RTP traffic needs an IP address to be associated with it. However, some interfaces allow 
“dynamic” configuration of IP addresses, and thus, this value could change periodically. Use the no form 
of these commands to disable these functions. Variations of this command include: 


media-gateway ip loopback <ip address> 
media-gateway ip primary 
media-gateway ip secondary </p address> 


Syntax Description 





loopback <ip address> Use an IP address statically defined to a loopback interface. Helpful when 
using a single IP address across multiple WAN interfaces for RTP traffic. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


primary Use the IP address that is configured as primary on this interface. Applies to 
static, DHCP, or negotiated addresses. 


secondary <ip address> Use the statically defined secondary IP address of this interface to be used 
for RTP traffic. IP addresses should be expressed in dotted decimal 
notation (for example, 10.10.10.1). 


Default Values 





By default, media-gateway ip is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example configures the unit to use the primary IP address for RTP traffic: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#media-gateway ip primary 
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mtu <size> 


Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use 
the no form of this command to return to the default value. 


Syntax Description 


<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 


OSPF will not become adjacent on links where the MTU sizes do not match. If router A and router B are 
exchanging hello packets but their MTU sizes do not match, they will never reach adjacency. This is by 
design and required by the RFC. 


Usage Examples 





The following example specifies an MTU of 1200 on the Ethernet interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#mtu 1200 
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port-auth auth-mode 


Use the port-auth auth-mode command to configure the authentication mode. Use the no form of this 
command to return to the default settings. Variations of this command include: 


port-auth auth-mode mac-based 
port-auth auth-mode port-based 


Syntax Description 





mac-based Specifies a MAC-based authentication mode. Each host must authenticate 
separately. 
port-based Specifies a port-based authentication mode. Only a single host can 


participate in the authentication process. 


Default Values 





By default, the authentication mode is port-based. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example configures the unit for MAC-based authentication mode: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#port-auth auth-mode mac-based 
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port-auth control-direction 


Use the port-auth control-direction command to configure the direction in which traffic is blocked. This 
command is only applicable when authentication is port-based. Use the no form of this command to return 
to the default settings. Variations of this command include: 


port-auth control-direction both 
port-auth control-direction in 


Syntax Description 





both Blocks traffic in both directions when the port becomes unauthorized. 
in Blocks only incoming traffic when the port becomes unauthorized. 


Default Values 





By default, traffic is blocked in both directions. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example causes traffic to be blocked in both directions when the port becomes unauthorized: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#port-auth control-direction both 
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port-auth multiple-hosts 
Use the port-auth multiple-hosts command to allow multiple hosts to access an authorized port without 


going through the authentication process. This command is only applicable when authentication is 
port-based. Use the no form of this command to return to the default settings. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables multiple hosts to access an authorized port: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#port-auth multiple-hosts 
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port-auth port-control 


Use the port-auth port-control command to configure the port-authorization state. Use the no form of 
this command to return to the default settings. Variations of this command include: 


port-auth port-control auto 
port-auth port-control force-authorized 
port-auth port-control force-unauthorized 


Syntax Description 





auto Enables the port-authentication process. 
force-authorized Forces the port into an authorized state. 
force-unauthorized Forces the port into an unauthorized state. 


Default Values 





By default, all ports are forced to an authorized state. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example forces Ethernet port 0/1 into an unauthorized state: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#port-auth port-control force-unauthorized 
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power inline 


Use the power inline command to detect attached Powered Devices (PDs) and deliver 48 VDC, compliant 
with the IEEE 802.3af power-over-Ethernet standard, to the PD via existing CATS cabling. To disable 
power detection and supply, use the power inline never command. Variations of this command include: 


power inline auto 
power inline legacy 
power inline never 


Syntax Description 





auto Enables power detection and supply to PDs. 

legacy Enables power detection and supply of legacy non-IEEE 802.3af compliant 
PDs. 

never Disables power detection and supply to PDs. 


Default Values 





By default, PWR switches discover and provide power to IEEE compliant PDs. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example configures the ethernet interface to detect and supply power to PDs: 


(config)#interface ethernet 0/3 
(config-eth 0/3)#power inline auto 
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qos-policy 


Use the qos-policy command to apply a previously-configured Quality of Service (QoS) map to incoming 
or outgoing packets on an interface. Use the no form of this command to remove the map from the 
interface. Variations of this command include: 


qos-policy in <name> 
qos-policy out <name> 


Syntax Description 





<name> Specifies the name of a previously-created QoS map (refer to gos map 
<name> <number> on page 890 for more information). 

in Assigns a QoS map to this interface's input. 

out Assigns a QoS map to this interface's output. 


Default Values 





No default value is necessary for this command. 


Command History 


Release 9.1 Command was introduced. 
Release 15.1 Command was expanded to include in option. 


Functional Notes 


When a QoS policy is applied to an interface, it may be disabled if the interface bandwidth is not adequate 
to support the requested bandwidth on the map set. Once the bandwidth problem is resolved, the map will 
work again. The bandwidth will be rechecked on any of the following changes: 


1. A priority or class-based entry is added to, deleted from, or changed in a QoS map set. 
2. The interface bandwidth is changed by the bandwidth command on the interface. 

3. A QoS policy is applied to an interface. 

4. A cross-connect is created that includes an interface with a QoS policy. 

5. The interface queuing method is changed to fair-queue to use weighted fair queuing. 

6. The interface operational status changes. 

7. The interface bandwidth changes for other reasons (e.g., when ADSL finishes training). 


In order to prevent the map from being disabled in cases of temporary inadequate bandwidth (e.g., a single 
link goes down in a dual T1 multilink configuration where the map requests more than one T1's worth of 
bandwidth), the QoS map uses the maximum theoretical bandwidth on an interface, not the actual 
bandwidth at that time. This actually helps QoS keep higher priority class-based traffic working better than 
best-effort traffic when the bandwidth drops. 
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Usage Examples 





The following example applies the QOS map VOICEMAP to the Ethernet interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#qos-policy out VOICEMAP 
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qos 


Use the qos (quality of service) command to set the interface to the trusted state and to set the default cost 
of service (CoS) value. To return to defaults, use the no version of this command. Variations of this 
command include: 


qos default-cos <value> 
qos trust cos 


Syntax Description 





default-cos <value> Sets the default CoS value for untrusted ports and all untagged packets. 
Range is 0 through 7. 


trust cos Sets the interface to the trusted state. 


Default Values 





By default, the interface is untrusted with a default CoS of 0. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Set the interface to trust cos if received 802.1P CoS values are considered valid (i.e., no need to 
reclassify) and do not need to be tagged with the default value. When set to untrusted, the default-cos 
value for the interface is used. 


Usage Examples 





The following example sets Ethernet interface 0/1 as a trusted interface and assigns untagged packets a 
CoS value of 1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#qos trust cos 
(config-eth 0/1)#qos default-cos 1 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VQM is enabled on all WAN and LAN interfaces. 





Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on the Ethernet 0/2 interface: 


#config)#interface eth 0/2 
(config-eth 0/2)#rtp quality-monitoring 
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snmp trap 


Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) 
traps on the interface. Us the no form of this command to disable this trap. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps 
enabled. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include port channel and VLAN interfaces. 

Release 8.1 Command was expanded to the ATM interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example enables SNMP capability on the Ethernet interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#snmp trap 
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snmp trap link-status 
Use the snmp trap link-status command to control the SNMP variable ifLink UpDownTrapEnable (RFC 


2863) to enable (or disable) the interface to send SNMP traps when there is an interface status change. Use 
the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#no snmp trap link-status 
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spanning-tree bpdufilter 


Use the spanning-tree bpdufilter command to enable or disable the BPDU filter on a specific interface. 
This setting overrides the related Global setting (refer to spanning-tree edgeport bpdufilter default on page 
930). Use the no version of the command to return to the default setting. Variations of this command 
include: 


spanning-tree bpdufilter disable 
spanning-tree bpdufilter enable 


Syntax Description 





disable Disables BPDU filter for this interface. 
enable Enables BPDU filter for this interface. 


Default Values 





By default, this setting is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The bpdufilter blocks any BPDUs from being transmitted and received on an interface. 


Usage Examples 





The following example enables the BPDU filter on the Ethernet interface 0/3: 

(config)#interface ethernet 0/3 

(config-eth 0/3)#spanning-tree bpdufilter enable 

The BPDU filter can be disabled on the Ethernet interface 0/3 by issuing the following commands: 


(config)#interface ethernet 0/3 
(config-eth 0/3)#spanning-tree bpdufilter disable 
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spanning-tree bpduguard 


Use the spanning-tree bpduguard command to enable or disable the BPDU guard on a specific interface. 
This setting overrides the related global setting (refer to spanning-tree forward-time <value> on page 
933). Use the no version of the command to return to the default setting. Variations of this command 
include: 


spanning-tree bpduguard disable 
spanning-tree bpduguard enable 


Syntax Description 





disable Disables BPDU guard for this interface. 
enable Enables BPDU guard for this interface. 


Default Values 





By default, this setting is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The bpduguard blocks any BPDUs from being received on an interface. 


Usage Examples 





The following example enables the BPDU guard on the interface Ethernet interface 0/3: 
(config)#interface ethernet 0/3 

(config-eth 0/3)#spanning-tree bpduguard enable 

The BPDU guard can be disabled on the Ethernet interface 0/3 by issuing the following commands: 


(config)#interface ethernet 0/3 
(config-eth 0/3)#spanning-tree bpduguard disable 
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spanning-tree cost <value> 


Use the spanning-tree cost command to assign a cost to the interface. The cost value is used when 
computing the spanning-tree root path. Use the no version of the command to return to the default setting. 


Syntax Description 


<value> Specifies a cost value of 1 to 200,000,000. 


Default Values 





By default, the cost value is set to 1000/link speed in Mbps. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the interface to a path cost of 1200: 


(config)#interface ethernet 0/3 
(config-eth 0/3)#spanning-tree cost 1200 
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spanning-tree edgeport 
Use the spanning-tree edgeport command to configure the interface to be an edgeport. This command 


overrides the related Global setting (refer to spanning-tree edgeport default on page 932). Use the no 
version of the command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this setting is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Enabling this command configures the interface to go to a forwarding state when the link becomes active. 
When not enabled, an interface must go through the listening and learning states before going to the 
forwarding state. 


Usage Examples 





The following example configures the interface to be an edgeport: 

(config)#interface ethernet 0/1 

(config-eth 0/1)#spanning-tree edgeport 

An individual interface can be configured to not be considered an edgeport. For example: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#no spanning-tree edgeport 
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spanning-tree link-type 


Use the spanning-tree link-type command to configure the spanning tree protocol link type for each 
interface. Use the no version of the command to return to the default setting. Variations of this command 
include: 


spanning-tree link-type auto 
spanning-tree link-type point-to-point 
spanning-tree link-type shared 


Syntax Description 





auto Determines link type by the port’s duplex settings. 
point-to-point Manually sets link type to point-to-point, regardless of duplex settings. 
shared Manually sets link type to shared, regardless of duplex settings. 


Default Values 





By default, the interface is set to auto. 


Command History 


Release 5.1 Command was introduced. 


Functional Notes 





This command overrides the default link type setting determined by the duplex of the individual port. By 
default, a port configured for half-duplex is set to shared link type, and a port configured for full-duplex is 
set to point-to-point link type. Setting the link type manually overrides the default and forces the port to 
use the specified link type. Use the link-type auto command to restore the convention of determining link 
type based on duplex settings. 


Usage Examples 





The following example forces the link type to point-to-point, even if the port is configured to be 
half-duplex: 


(config)#interface ethernet 0/3 
(config-eth 0/3)#spanning-tree link-type point-to-point 


Technology Review 


Rapid transitions are possible in rapid spanning-tree protocol (RSTP) by taking advantage of point-to-point 
links (a port is connected to exactly one other bridge) and edge-port connections (a port is not connected 
to any additional bridges). Setting the link-type to auto allows the spanning-tree to automatically configure 
the link type based on the duplex of the link. Setting the link type to point-to-point allows a half-duplex link 
to act as if it were a point-to-point link. 
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spanning-tree pathcost method 


Use the spanning-tree pathcost method command to select a short or long method used by the 
spanning-tree protocol. Variations of this command include: 


spanning-tree pathcost method long 
spanning-tree pathcost method short 


Syntax Description 





long Specifies 32-bit values when calculating pathcosts. 
short Specifies 16-bit values when calculating pathcosts. 


Default Values 





By default, spanning-tree pathcost method is set to short. 


Command History 


Release 5.1 Command was introduced. 


Usage Examples 





The following example specifies that the spanning tree protocol use a long pathcost method: 


(config)#interface ethernet 0/3 
(config-eth 0/3)#spanning-tree pathcost method long 
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spanning-tree port-priority <va/ue> 


Use the spanning-tree port-priority command to select the priority level of this interface. To return to the 
default setting, use the no version of this command. 


Syntax Description 


<value> Specifies a priority-level value from 0 to 240 (this value must be in 
increments of 16). 


Default Values 
By default, this set to 128. 





Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The only time that this priority level is used is when two interfaces with a path to the root have equal cost. 
At that point, the level set in this command will determine which port the spanning tree will use. Set the 
priority value lower to increase the chance the interface will be used. 


Usage Examples 





The following example sets the interface to a priority of 100: 


(config)#interface ethernet 0/3 
(config-eth 0/3)#spanning-tree port-priority 100 
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speed 


Use the speed command to configure the speed of an Ethernet interface. Use the no form of this command 
to return to the default value. Variations of this command include: 


speed 10 
speed 100 
speed 1000 
speed auto 


Syntax Description 





10 Specifies 10 Mbps Ethernet. 

100 Specifies 100 Mbps Ethernet. 

1000 Specifies 1 Gbps Ethernet. This only applies to Gigabit Ethernet interfaces. 

auto Automatically detects 10 or 100 Mbps Ethernet and negotiates the duplex 
setting. 





Some Ethernet equipment (though rare) is unable to negotiate duplex if speed is manually 
‘one determined. To avoid incompatibilities, manually set the duplex if the speed is manually 
set. Refer to full-duplex on page 1116 and half-duplex on page 1117. 


Default Values 





By default, speed is set to auto. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures the Ethernet port for 100 Mb operation: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#speed 100 
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storm-control 


Use the storm-control command to configure limits on the rates of broadcast, multicast, and unicast traffic 
on a port. Use the no version of this command to disable this feature. Variations of this command include: 


storm-control broadcast level <rising level> 
storm-control broadcast level <rising level> <falling level> 
storm-control multicast level <rising level> 
storm-control multicast level <rising level> <falling level> 
storm-control unicast level <rising level> 

storm-control unicast level <rising level> <falling level> 


Syntax Description 





broadcast level Sets levels for broadcast traffic. 

multicast level Sets levels for multicast traffic. 

unicast level Sets levels for unicast traffic. 

<rising level> Specifies a rising level which determines the percentage of total bandwidth 


the port accepts before it begins blocking packets. Range is 1 to 
100 percent. 

<falling level> Optional. Specifies a falling level which determines when the storm is 
considered over, causing AOS to no longer block packets. This level must be 
less than the rising level. Range is 1 to 100 percent. 


Default Values 





By default, storm-control is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 


This setting configures the rising and falling suppression values. When the selected rising level (which is a 
percentage of total bandwidth) is reached, the port begins blocking packets of the specified type (i.e., 
broadcast, multicast, or unicast). AOS uses the rising level as its falling level if no falling level is specified. 


Usage Examples 





The following example sets the rising suppression level to 85 percent for multicast packets: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#storm-control multicast level 85 
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The following example sets the rising suppression level to 80 percent for broadcast packets, with a falling 
level of 50 percent: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#storm-control broadcast level 80 50 
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storm-control action shutdown 


Use the storm-control action shutdown command shuts down the interface when a storm occurs. Use the 
no version of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled; the interface will only filter traffic. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Enabling this option shuts down the interface if a multicast, unicast, or broadcast storm occurs. 


Usage Examples 





The following example shuts down Ethernet interface 0/1 if a storm is detected: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#storm-control action shutdown 
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switchport access vlan <vian id> 


Use the switchport access vlan command to set the port to be a member of the VLAN when in access 
mode. To reset the port to be a member of the default VLAN, use the no version of this command. 


Syntax Description 


<vian id> Specifies a valid VLAN interface ID. Range is 1 to 4094. 


Default Values 
By default, this is set to VLAN 1 (the default VLAN). 





Command History 





Release 5.1 Command was introduced. 


Functional Notes 





If the port is in the trunk mode, this command will not alter the switchport mode to access. Instead it will 
save the value to be applied when the port does switch to access mode. Refer to switchport mode on page 
1188 for more information. 


Usage Examples 





The following example sets the switchport mode to static access and makes the Ethernet interface 0/1 port 
a member of VLAN 2: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport mode access 
(config-eth 0/1)#switchport access vlan 2 
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switchport gvrp 


Use the switchport gvrp command to enable or disable GARP VLAN Registration Protocol (GVRP) on 
an interface. Use the no form of this command to return to the default value. 


Syntax Description 


No subcommanads. 


Default Values 
By default, GVRP is disabled on all ports. 





Command History 





Release 8.1 Command was introduced. 


Functional Notes 





Enabling GVRP on any interface enables GVRP globally. 


Usage Examples 





The following example enables GVRP on Ethernet interface 0/24: 


(config)#interface ethernet 0/24 
(config-eth 0/24)#switchport gvrp 
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switchport mode 


Use the switchport mode command to configure the VLAN membership mode. To reset membership 
mode to the default value, use the no version of this command. The stack selection does not apply to the 
NetVanta 300 Series units. Variations of this command include: 


switchport mode access 
switchport mode stack 
switchport mode trunk 


Syntax Description 





access Sets port to be a single (non-trunked) port that transmits and receives no 
tagged packets. 

stack Sets the port to allow it to communicate with a switch stack. (Does not apply 
the NetVanta 300 Series units.) 

trunk Sets port to transmit and receive packets on all VLANs included within its 


VLAN allowed list. 


Default Values 


By default, switchport mode is set to access. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 


Configuring the interface for stack mode (using the switchport mode stack command) enables the switch 
to communicate with other switches that it is stacking capable. 


¢ — If the switch is configured as the stack master (using the (config)#stack master commana), it will begin 
advertising itself as a stack master. 

¢ If the switch is configured as the stack member (using the (config)#stack member commana), it will 
begin advertising other stack masters that it knows about. 


Stack mode also allows the port to transmit and receive packets on all VLANs that are included in the 
VLAN allowed list. 


Usage Examples 





The following example sets the port to be a trunk port: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport mode trunk 
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switchport protected 
Use the switchport protected command to prevent the port from transmitting traffic to all other protected 


ports. A protected port can only send traffic to unprotected ports. Use the no form of this command to 
disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





This command is disabled by default. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





In the example below, all three of the ports are on VLAN 3, and Ethernet 0/1 and Ethernet 0/2 are 
designated as protected ports. Ethernet 0/3 is unprotected. Ethernet 0/1 and Ethernet 0/2 will be allowed to 
send traffic to Ethernet 0/3, but traffic traveling between Ethernet 0/1 and Ethernet 0/2 will be blocked. 


config)#interface ethernet 0/1 

config-eth 0/1)#switchport access vian 3 
config-eth 0/1)#switchport protected 
config-eth 0/1)#exit 


config)#interface ethernet 0/2 

config-eth 0/2)#switchport access vlan 32 
config-eth 0/2)#switchport protected 
config-eth 0/1)#exit 


aN aN 


(config)#interface ethernet 0/3 
(config-eth 0/3)#switchport access vlan 3 
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switchport port-security 


Use the switchport port-security command to enable port security functionality on the interface. Use the 
no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





This command is disabled by default. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





You cannot enable port security on a port that is already configured as the following: 


¢ Monitor session destination 
* Member of a port channel interface 
« Dynamic or trunk port (i.e., the port must be configured as static access) 


Usage Examples 





The following example enables port security on the Ethernet interface 0/1 interface: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport port-security 
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switchport port-security aging 


Use the switchport port-security aging command to enable and configure secure MAC address aging on 
a particular interface. Use the no form of this command to disable this feature. Variations of this command 
include: 


switchport port-security aging static 
switchport port-security aging time <va/lue> 
switchport port-security aging type absolute 


Syntax Description 





static Configures the interface to age static as well as dynamic entries in the 
secure MAC address table. 

time <value> Enables port security aging for dynamic entries in the secure MAC address 
table by configuring a time (in minutes). Disable aging by setting the time 
to 0. 

type absolute Configures the address to be removed after the specified time, regardless 
of activity. 


Default Values 





By default, dynamic and static aging are disabled. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example sets the aging time of secure MAC addresses to 10 minutes: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport port-security aging time 10 
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switchport port-security expire 


Use the switchport port-security expire command to disable an interface after a specified amount of 
time. Use the no form of this command to return to the default setting. Variations of this command include: 


switchport port-security expire time <va/ue> 
switchport port-security expire type absolute 


Syntax Description 





time <value> Enables port expiration by configuring a time (in minutes). Disable by 
setting time to 0. 

type absolute Configures the interface to shut down after the specified time, regardless of 
activity. 


Default Values 





By default, this command is disabled and set to type absolute. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example disables Ethernet interface 0/1 after 10 minutes: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport port-security expire time 10 
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switchport port-security mac-address 


Use the switchport port-security mac-address command to add a static secure MAC address or sticky 
secure MAC address associated with the interface and to enable sticky address learning. Variations of this 
command include the following: Us the no form of this command to remove a MAC address associated 
with this port. 


switchport port-security mac-address <mac address> 
switchport port-security mac-address sticky 
switchport port-security mac-address sticky <mac address> 


Syntax Description 





sticky Optional. Enables sticky address learning if no MAC address is specified. 


<mac address> Optional. Adds a MAC address associated with this interface. MAC 
addresses should be expressed in following format xx:xx:xx:XXx:XXx:xx (for 
example, 00:A0:C8:00:00:01). 


Default Values 





By default, sticky learning is disabled and there are no configured MAC addresses. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example adds a single static address and enables sticky address learning on interface 
Ethernet interface 0/1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport port-security mac-address 00:A0:C8:02:D0:30 
(config-eth 0/1)#switchport port-security mac-address sticky 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1193 


Command Reference Guide Ethernet Interface Configuration Command Set 





switchport port-security maximum <value> 
Use the switchport port-security maximum command to configure the maximum number of secure 


MAC addresses associated with the interface. Use the no form of this command to return to the default 
setting. 


Syntax Description 





<value> Specifies the maximum number of secure MAC addresses to be associated 
with the interface. Range is 1 to 132. 


Default Values 





The default value for this command is 1. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example sets the maximum supported MAC addresses for Ethernet interface 0/1 to 2: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport port-security maximum 2 
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switchport port-security violation 


Use the switchport port-security violation command to configure the action to be taken once a security 
violation is encountered. Use the no form of this command to return to the default setting. Variations of 
this command include: 


switchport port-security violation protect 
switchport port-security violation restrict 
switchport port-security violation shutdown 


Syntax Description 





protect Determines that the unit will not learn any new secure addresses (nor allow 
these new sources to pass traffic) until the number of currently active 
secure addresses drops below the maximum setting. 


restrict Determines that the security violation counter increments and an SNMP 
trap is sent once a violation is detected. The new address is not learned and 
data from that address is not allowed to pass. 

shutdown Determines that the interface is disabled once a violation is detected. A no 
shutdown command is required to re-enable the interface. 


Default Values 





The default for this command is shutdown. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example configures the interface to react to security violations by not learning the addresses 
of and not accepting data from the violation source: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport port-security violation restrict 
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switchport trunk allowed vian 


Use the switchport trunk allowed vlan command to allow certain VLANs to transmit and receive traffic 
on this port when the interface is in trunking mode. To return to defaults, use the no version of this 
command. Variations of this command include: 


switchport trunk allowed vlan </ist> 
switchport trunk allowed vian add </ist> 
switchport trunk allowed vlan all 
switchport trunk allowed vlan except </ist> 
switchport trunk allowed vlan none 
switchport trunk allowed vian remove </ist> 


Syntax Description 





<list> Specifies a list of valid VLAN interface IDs. Refer to Functional Notes, 
below. 

add Adds the specified VLAN IDs to the VLAN trunking allowed list. 

all Adds all configured VLAN IDs to the VLAN trunking allowed list. 

except Adds all configured VLAN IDs to the VLAN trunking allowed list except 
those specified in the <vian id list>. 

none Adds no VLAN IDs to the VLAN trunking allowed list. 

remove Removes VLAN IDs from the VLAN trunking allowed list. 


Default Values 





By default, all valid VLANs are allowed. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 


A VLAN list is a set of VLAN IDs delimited by commas. A valid VLAN ID value must be from 1 through 
4094. A range of IDs may be expressed as a single element by using a hyphen between endpoints. For 
example the VLAN ID range 1,2,3,4,6,7,8,9,500 may be more easily expressed as 1-4,6-9,500. No spaces 
are allowed in a valid ID range. 





Usage Examples 





The following example adds VLANs to the previously existing list of VLANs allowed to transmit and receive 
on this port: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport trunk allowed vian add 1-4,7-9,500 
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switchport trunk fixed vian 


Use the switchport trunk fixed vlan command to change the configured list of VLANs that remain fixed 
in use only when GVRP is enabled on the interface. Of these VLANs, VLANs statically created will be 
available for use on the interface. Use the no forms of these commands to disable these features. Variations 
of this command include: 


switchport trunk fixed vlan add </ist> 
switchport trunk fixed vlan all 
switchport trunk fixed vlan except </ist> 
switchport trunk fixed vlan none 
switchport trunk fixed vlan remove </ist> 


Syntax Description 





<list> Specifies a list of valid VLAN interface IDs. Refer to Functional Notes, 
below. 

add Adds VLANs to the VLAN GVRP trunking fixed list. 

all Adds all VLANs to the VLAN GVRP trunking fixed list. 

except Adds all VLAN IDs to the VLAN trunking fixed list except those in the 
command line VLAN ID list. 

none Removes all VLANs from the VLAN GVRP trunking fixed list. 

remove Removes VLAN from the VLAN trunking fixed list. 


Default Values 





By default, no VLANs are in the VLAN GVRP trunking fixed list (switchport trunk fixed vlan none). 


A VLAN list is a set of VLAN IDs delimited by commas. A valid VLAN ID value must be from 1 through 
4094. A range of IDs may be expressed as a single element by using a hyphen between endpoints. For 
example the VLAN ID range 1,2,3,4,6,7,8,9,500 may be more easily expressed as 1-4,6-9,500. No spaces 
are allowed in a valid ID range. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command has no effect on VLAN membership configuration unless GVRP is enabled on the interface. 


Usage Examples 





The following example changes the configured list of fixed VLANs by adding VLAN 50 to the list. 


(config-eth 0/20)#switchport trunk fixed vlan add 1-15,25-30,40 
(config-eth 0/20)#switchport trunk fixed vlan add 50 
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The following example changes the configured list of fixed VLANs by removing VLANs 10 to 100 from the 
list: 


(config-eth 0/20)#switchport trunk fixed vlan remove 10-100 


The following example changes the configured list of fixed VLANs to include only VLANs 1 to 1000: 
(config-eth 0/20)#switchport trunk fixed vlan 1-1000 


The following example changes the configured list of fixed VLANs to include no VLANs (except those 
VLANs that are native): 


(config-eth 0/20)#switchport trunk fixed vlan none 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1198 


Command Reference Guide Ethernet Interface Configuration Command Set 





switchport trunk native vlan <vian id> 


Use the switchport trunk native vlan command to set the VLAN native to the interface when the 
interface is in trunking mode. To return to defaults, use the no version of this command. 


Syntax Description 
<vian id> Specifies a valid VLAN interface ID. Range is 1 to 4094. 


Default Values 
By default, this is set to VLAN 1. 





Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Configure which VLAN the interface uses as its native VLAN during trunking. Packets from this VLAN 
leaving the interface will not be tagged with the VLAN number. Any untagged packets received by the 
interface are considered a part of the native VLAN ID. 


Usage Examples 





The following example sets the native VLAN on Ethernet interface 0/1 to VLAN 2: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#switchport trunk native vian 2 
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switchport vian 


Use the switchport vlan command to create a Link-Layer Discovery Protocol-Media Endpoint Discovery 
(LLDP-MED) network policy that specifies a VLAN for voice, guest-voice, softphone, or 
voice-signalling applications. Use the optional cos and dscp keywords to define class of service (CoS) and 
differentiated services code point (DSCP) values associated with the application. Use the no form of this 
command to remove an existing network policy. Variations of this command include: 


switchport guest-voice vlan <vian id> 

switchport guest-voice vlan <vian id> [cos <value> | dscp <value> | cos <value> dscp <value>] 
switchport softphone vian <vian id> 

switchport softphone vlan <vian id> [cos <value> | dscp <value> | cos <value> dscp <value>] 
switchport voice vlan <vian id> 

switchport voice vlan <vian id> [cos <value> | dscp <value> | cos <value> dscp <value>] 
switchport voice-signalling vlan <vian id> 

switchport voice-signalling vlan <vian id> [cos <value>|dscp <value> | cos <value> dscp <value>] 


Syntax Description 





guest-voice Specifies a guest voice application, which is used to define a policy for 
guest users with a limited feature set voice service. 

softphone Specifies a soft phone application, which is used to define a policy for soft 
phone applications that operate on devices, such as PCs or laptop 
computers. 

voice Specifies a voice application, which is used to define a policy for dedicated 
IP phone handsets and other similar devices supporting interactive voice 
services. 

voice-signalling Specifies a voice signaling application, which is used to define a policy for 
the command and control signaling that supports voice and guest voice 
applications. 

<vian id> Specifies the voice VLAN ID. Range is 1 to 4094. 


cos <value> Optional. Specifies the CoS value assigned to the application. Range is 
0 to 7. 


dscp <value> Optional. Specifies the DSCP value assigned to the application. Range is 
0 to 63. 


Default Values 





By default, no LLDP-MED network policies are configured. 


If an application and VLAN are specified without the optional CoS or DSCP parameters, then default CoS 
and DSCP values are assigned. 


Default CoS values are: voice (5); voice-signalling (3); guest-voice (0); softphone (0). 


Default DSCP values are: voice (46); voice-signalling (26); guest-voice (0); softphone (0). 
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Command History 





Release 16.1 The command switchport voice vlan <vian id> was introduced. 

Release 17.2 Command was expanded to include additional applications: guest-voice, 
softphone, and voice-signalling. The optional cos and dscp parameters 
were added. 


Functional Notes 





The switch port command allows a configured interface to function as an access point for a VLAN while 
adding the specified VLAN to the port’s allowed VLAN list. This command automatically sets the port to 
spanning tree edgeport mode, but this mode is not automatically reset when the voice, guest voice, soft 
phone, or signaling VLAN is removed. 





Wor If the VLAN specified in this command does not yet exist, it will be created in ADTRAN 


Operating System (AOS) when the command is issued. 





A network policy is typically configured on switch port interfaces in AOS devices that support LLDP-MED. 
An exception is the NetVanta 1524ST, where network policies are configured on Gigabit Ethernet 
interfaces. 


At least one network policy should be configured on a switch port interface that is connected to an 
LLDP-MED capable endpoint. Depending on the type and use of Voice over Internet Protocol (VoIP) 
equipment attached to the switch port interface, multiple network policies may need to be configured on 
the same interface. 


Some endpoints prefer to use untagged VLANs for their application. To achieve this in AOS, configure the 
application to be on the same VLAN of which the port is a member. By default, this is VLAN 1. 





For more information about allowed VLAN lists, refer to switchport trunk allowed vlan on 
page 1196. For more information about spanning-tree edgeport mode, refer to 

‘ore spanning-tree edgeport on page 1178. For more information about switch port mode, refer 
to switchport mode on page 1188. 





Usage Examples 





The following example establishes a voice network policy that uses VLAN 200. 


(config)#interface switchport 0/1 
(config-swx 0/1)#switchport voice vlan 200 





Wor Since CoS and DSCP values are not specified in the above network policy, the default 


values for voice applications will be used: CoS (5); DSCP (46). 
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The following example establishes a voice network policy that uses VLAN 200 with CoS priority set to 4 
and DSCP priority set to 36. 


(config)#interface switchport 0/1 
(config-swx 0/1)#switchport voice vlan 200 cos 4 dscp 36 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1202 


Command Reference Guide Ethernet Interface Configuration Command Set 





traffic-shape rate <value> 


Use the traffic-shape rate command to specify and enforce an output bandwidth for Ethernet and VLAN 
interfaces. Variations of this command include: 


traffic-shape rate <va/lue> 
traffic-shape rate <va/lue> <burst> 


Syntax Description 





<value> Specifies the rate (in bits per second) at which the interface should be shaped. 


<burst> Optional. Specifies the allowed burst in bytes. By default, the burst is 
specified as the rate divided by 5 and represents the number of bytes that 
would flow within 200 ms. 


Default Values 





By default, traffic-shaping rate is disabled. 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 





Traffic shaping can be used to limit an Ethernet segment to a particular rate or to specify use of QoS on 
Ethernet or VLAN interfaces. 


Usage Examples 





The following example sets the outbound rate of Ethernet interface 0/1 to 128 kbps and applies a QoS 
policy that gives all RTP traffic priority over all other traffic: 


config)#qos map voip 1 
config-qos-map)#match ip rtp 10000 10500 all 
config-qos-map)#priority unlimited 
config-qos-map)#interface ethernet 0/1 
config-eth)#traffic-shape rate 128000 
config-eth)#qos-policy out voip 


aon sNN as NN ae 
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vian-id <vian id> 


Use the vlan-id command to set a VLAN ID for the Ethernet interface. Use the no form of this command 
to remove an entry. Variations of this command include: 


vian-id <vian id> 
vian-id <vian id> native 


Syntax Description 





<vian id> Specifies a valid VLAN interface ID number. Range is 1 to 4095. 


native Optional. Specifies that data for that VLAN ID goes out untagged. If native is 
not specified, data for that VLAN ID goes out tagged. 


Default Values 
By default, no VLAN ID is set. 





Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example configures a native VLAN of 5 for the Ethernet interface 0/1: 


(config)#interface ethernet 0/1 
(config-eth 0/1)#vlan-id 5 native 
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vrrp <number> 


Use the vrrp command to configure Virtual Router Redundancy Protocol (VRRP) routers within a router 
group. Use the no form of the command to remove the VRRP router’s configurations. Variations of this 


command include: 


vrrp <number> description <text> 


vrrp <number> ip <address> 


vrrp <number> ip <address> secondary 


vrrp <number> preempt 


vrrp <number> preempt delay minimum <time> 
vrrp <number> priority </evel> 


vrrp <number> shutdown 


vrrp <number> startup-delay <delay> 
vrrp <number> timers advertise <interval> 


vrrp <number> timers learn 


vrrp <number> track <name> 


vrrp <number> track <name> decrement <value> 


Syntax Description 


<number> 


description <text> 
ip <address> 


secondary 
preempt 

delay minimum <time> 
priority </evel> 


shutdown 
startup-delay <delay> 


timers 
advertise <interval> 


learn 


track <name> 


Specifies the VRRP router group’s virtual router ID (VRID) number. Range 
is 1 to 255. 


Specifies the textual description of the VRRP router within the group. 


Specifies the IP address to be used by the VRRP router. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 


Optional. Specifies the entry of an additional VRRP router supported IP 
address. 


Allows a VRRP router to preempt the current master router if its priority level 
is higher than the current master’s. 


Optional. Specifies a delay (in seconds) before the specified router will 
attempt to preempt the current master router. Range is 0 to 255 seconds. 


Specifies the configured priority level of the VRRP router. Level range is 1 to 
254. 


Disables the VRRP router. 


Specifies a time delay (in seconds) before a VRRP router becomes active. 
Range is 0 to 255 seconds. 


Specifies the configuration of the VRRP timers. 

Specifies the time (in seconds) between advertisements sent by the master 
router. Range is 1 to 255 seconds. 

Specifies that the backup VRRP router learns the advertisement interval of 
the master router. 

Specifies a change in priority level of the VRRP router based upon the 
specified track. 





60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 1205 


Command Reference Guide Ethernet Interface Configuration Command Set 





decrement <value> Optional. Specifies the numerical amount to decrement the VRRP’s priority 
level if the track transitions to a FAIL state. Decrement value range is 1 to 
254. 


Default Values 
By default, VRRP is enabled. 





By default, a VRRP router will preempt with no additional delay. 


The default configured priority for a VRRP router that is either a backup router or not the IP address owner 
is 100. The default actual priority of a VRRP router that is the IP address owner is 255. 


By default, startup-delay is enabled with a default value of 35 seconds. 
By default, the advertisement interval is 1 second. 


By default, the default decrement value is 10. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





A VRRP router may be part of more than one virtual router group. Although VRRP group VRIDs can be 
numbered between 1 and 255, only two VRRP routers per interface are supported. 


It is recommended that the timers advertise setting is kept at the default value. If it is necessary to change 
this setting, ensure that all VRRP routers are configured with the new value, as all VRRP routers in the 
virtual group must have the same advertisement interval value. It is also recommended that if the timers 
learn function is enabled on one router in a virtual router group, then the timers learn function should be 
enabled on all routers in the group. 


When the virtual router’s specified IP address is independent of the IP addresses assigned to real 
interfaces on the VRRP routers, there is no IP address owner. This addressing method is preferred if 
object tracking will be used to monitor the network connection. The IP address used for the virtual router 
must be on the same subnet as either the primary or secondary IP addresses assigned to the VRRP 
router’s real interface. 


A track must be created before the vrrp track command can be issued. Refer to the Network Monitor 
Track Configuration Command Set on page 2185 for more information on creating tracks. If a VRRP router 
owns the virtual router IP address, then the VRRP router’s priority level cannot be decremented as a result 
of the track command. If object tracking will be used, it is important that no VRRP router own the virtual 
router IP address. 


Usage Examples 





The following example describes a VRRP router within virtual router group 1 as the Default Master 
Router: 


(config)#interface eth 0/1 
(config-eth 0/1)#vrrp 1 description Default Master Router 
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The following example specifies an IP address of 10.0.0.1 for a VRRP router within virtual router group 1: 


(config)#interface eth 0/1 
(config-eth 0/1)#vrrp 1 ip 10.0.0.1 


The following example specifies that the VRRP router within virtual router group 1 preempts the current 
master router after a 30 second delay: 


(config)#interface eth 0/1 

(config-eth 0/1)#vrrp 1 preempt delay minimum 30 

The following example specifies the configured priority for the VRRP router within virtual router group 1 is 
254: 

(config)#interface eth 0/1 

(config-eth 0/1)#vrrp 1 priority 254 

The following example disables the VRRP router within virtual router group 1: 

(config)#interface eth 0/1 

(config-eth 0/1)#vrrp 1 shutdown 

The following example configures a VRRP router on group 1 to delay 45 seconds before becoming active: 


(config)#interface eth 0/1 
(config-eth 0/1)#vrrp 1 startup-delay 45 
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FDL INTERFACE CONFIGURATION COMMAND SET 


FDL Interface Configuration mode is used for establishing a Telnet session over the FDL (facility 
datalink). To activate, enter the interface fdl command and specify the associated slot/port number (of the 
TI interface used) at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface fdl 1/1 
(config-fdl 1/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


ip address <ip address> <subnet mask> on page 1209 
ip learn-address on page 1210 

mtu <size> on page 1211 

peer default ip address <ip address> on page 1213 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the no form of this 


command to remove a configured IP address. 


Syntax Description 


<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 


decimal notation (for example, 10.10.10.1). 

<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


Default Values 





By default, there are no assigned IP addresses. 


Command History 





Release 7.1 Command was introduced for the FDL interface. 


Usage Examples 





The following example configures an IP address of 192.22.72.101/30: 


(config)#interface fdl 1/1 
(config-fdl 1/1)#ip address 192.22.72.101/30 255.255.255.252 
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ip learn-address 


Use the ip learn-address command to automatically learn the IP address of the remote unit. Use the no 
form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example enables the FDL to automatically learn the remote unit’s IP address: 


(config)#interface fdl 1/1 
(config-fdl 1/1)#ip learn-address 
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mtu <size> 


Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use 
the no form of this command to return to the default value. 


Syntax Description 


<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 1.1 Command was introduced. 
Release 7.1 Command expanded to support FDL. 


Functional Notes 





OSPF will not become adjacent on links where the MTU sizes do not match. If router A and router B are 
exchanging hello packets but their MTU sizes do not match, they will never reach adjacency. This is by 
design and required by the RFC. 
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Usage Examples 





The following example specifies an MTU of 128 on the FDL interface: 


(config)#interface fdl 1/1 
(config-fdl 1/1)#mtu 128 
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peer default ip address </p address> 


Use the peer default ip address command to specify the default IP address of the remote end of this 
interface. Use the no form of this command to remove a default IP address. 


Syntax Description 


<ijpp address> Specifies the default IP address for the remote end. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





By default, there is no assigned peer default IP address. 


Command History 





Release 3.1 Command was introduced. 
Release 7.1 Command was expanded to include FDL. 


Functional Notes 





This command is useful if the peer does not send the IP address option during PPP negotiations. 


Usage Examples 





The following example sets the default peer IP address to 192.22.71.50: 


(config)#interface fdl 1/1 
(config-fdl 1/1)#peer default ip address 192.22.71.50 
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FXO INTERFACE CONFIGURATION COMMAND SET 


To activate the FXO Interface Configuration mode, enter the interface fxo command and specify the FXO 
port at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface fxo 0/1 
(config-fxo 0/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


impedance on page 1215 
loopback on page 1216 
rx-gain <value> on page 1217 
test loop on page 1218 

test ring-ground on page 1219 
test tip-ground on page 1220 
test tone on page 1221 

tx-gain <value> on page 1222 
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impedance 


Use the impedance command to configure the AC impedance of the 2-wire interface. Use the no form of 
this command to return to the default value. Variations of this command include: 


impedance [600c | 900r] 
impedance [900c | 600r] 
impedance [z1| z2 | z3 | z4 | z5 | 26 | z7] 


Syntax Description 





600c Specifies an impedance of 600 Q + 2.16 LIF. 

600r Specifies an impedance of 600 Q real. 

900c Specifies an impedance of 900 © + 2.16 LIF. 

900r Specifies an impedance of 900 Q real. 

z1 Specifies an impedance of Rs 220 2, Rp 820 Q, Cp 115 vF. 

z2 Specifies an impedance of Rs 270 2, Rp 750 Q, Cp 150 vF. 

z3 Specifies an impedance of Rs 270 2, Rp 750 ©, Cp 150 vF, Zin 600r. 
z4 Specifies an impedance of Rs 320 2, Rp 1050 ©, Cp 230 vF. 

z5 Specifies an impedance of Rs 350 02, Rp 1000 2, Cp 210 vF, Zin 600r. 
z6 Specifies an impedance of Rs 370 2, Rp 620 Q, Cp 310 vF. 

z7 Specifies an impedance of Rp 800 2, Rs 100 Q, Cs 50 vF. 


Default Values 





By default, the impedance is set to 600c. 


Command History 





Release 7.1 Command was introduced. 
Release At Command was expanded to include settings z1 through z7. 


Usage Examples 
The following example sets the impedance to 600 Q + 2.16 UF: 


(config)#interface fxo 0/1 
(config-fxo 0/1)#impedance 600c 
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loopback 


Use the loopback command to activate a loopback on the FXO Module. Use the no form of this command 
to deactivate the loopback. Variations of this command include: 


loopback analog 
loopback digital 


Syntax Description 





analog Initiates a loopback toward the T1 network side of the connection after 
passing through analog filters in the voice CODEC. 

digital Initiates the same loopback before passing through analog filters in the 
voice CODEC. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example activates a loopback toward the T1 network side of the connection after passing 
through analog filters in the voice CODEC: 


(config)#interface fxo 0/1 
(config-fxo 0/1)#loopback analog 
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rx-gain <value> 
Use the rx-gain command to define the receive gain characteristics on the FXO interface. Receive gain 


determines the amplification of the received signal before transmitting it out the FXO interface. Use the no 
form of this command to return to the default. 


Syntax Description 





<value> Defines the receive gain characteristics for the interface in 0.1 decibel 
increments. Range is -6.0 to 10.0 dB. 


Default Values 





By default, this command is set to 0 dB. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





When increasing this value, the signal being received on this port sounds louder. When decreasing this 
value, the signal being received on this port sounds softer. 


Usage Examples 





The following example defines the receive gain as -5.4 dB: 


(config)#interface fxo 0/1 
(config-fxo 0/1)#rx-gain -5.4 
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test loop 


Use the test loop command to manually control the FXO interface’s hook switch. This is helpful when 
troubleshooting problems with the FXO equipment. Use the no form of this command to disable this 
feature. Variations of this command include: 


test loop closed 
test loop open 


Syntax Description 





closed Closes the hook switch, allowing DC current to flow through the interface. 
open Opens the hook switch, preventing DC current from flowing through the 
interface. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example opens the interface’s hook switch: 


(config)#interface fxo 02/1 
(config-fxo 0/1)#test loop open 
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test ring-ground 
Use the test ring-ground command to force the ring conductor to ground potential and provides battery on 


tip for detection of tip ground. This is helpful when troubleshooting problems with ground start circuits. 
Use the no form of this command to return to the default. 


Syntax Description 





No subcommanas. 


Default Value 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example forces a ring-ground test of the FXO interface: 


(config)#interface fxo 0/1 
(config-fxo 0/1)#test ring-ground 
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test tip-ground 
Use the test tip-ground command to detect the removal of the ring ground and check for the loop 


condition on an active FXO interface. This is helpful when troubleshooting problems with ground start 
circuits. Use the no form of this command to return to the default. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example forces a tip-ground test of the FXO interface: 


(config)#interface fxo 0/1 
(config-fxo 0/1)#test tip-ground 
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test tone 


Use the test tone command to activate the 1 kHz test tone. Use the no form of this command to deactivate 
the test tone. Variations of this command include: 


test tone far 
test tone near 


Syntax Description 





far Sends the test tone out the T1 network interface to the remote end. 
near Sends the test tone toward the FXO interface. 


Default Values 





By default, this command is disabled. 


Command History 


Release 7.1 Command was introduced. 


Usage Examples 





The following example sends the test tone toward the FXO interface: 


(config)#interface fxo 0/1 
(config-fxo 0/1)#test tone near 
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tx-gain <value> 
Use the tx-gain command to define the transmit gain characteristics on the FXO interface. Transmit gain 


determines the amplification of the transmitted signal before transmitting from the FXO interface toward 
the network. Use the no form of this command to return to the default. 


Syntax Description 





<value> Defines the transmit gain characteristics in 0.1 decibel increments. Range is 
-6.0 to 10.0 dB. 


Default Values 





By default, transmit gain is set to 0 dB. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





When increasing this value, the signal being transmitted to the far end sounds louder. When decreasing 
this value, the signal being transmitted to the far end sounds softer. 


Usage Examples 





The following example defines the transmit gain as -5.4 dB on the FXO interface: 


(config)#interface fxo 0/1 
(config-fxo 0/1)#tx-gain -5.4 
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FXS INTERFACE CONFIGURATION COMMAND SET 


To activate the FXS Interface Configuration mode, enter the interface fxs command and specify the FXS 
port at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface fxs 2/1 
(config-fxs 2/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


impedance on page 1224 

loopback on page 1225 
ring-voltage <value> on page 1226 
rx-gain <value> on page 1227 
signal on page 1228 

test commands begin on page 1229 
tx-gain <value> on page 1234 
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impedance 


Use the impedance command to configure the AC impedance of the 2-wire interface. Use the no form of 
this command to return to the default value. Variations of this command include: 


impedance 600c 
impedance 600r 
impedance 900b 
impedance 900c 
impedance 900r 


Syntax Description 


600c Specifies an impedance of 600 © + 2.16 UF. 

600r Specifies an impedance of 600 Q real. 

900b When directed by ADTRAN, use with part number 1203602L1 only. 
900c Specifies an impedance of 900 Q + 2.16 LIF. 

900r Specifies an impedance of 900 Q real. 


Default Values 





The default for this command is 600r. 


Command History 


Release 6.1 Command was introduced. 
Release A1 Command was expanded to include the 900b impedance setting. 


Usage Examples 





The following example sets the impedance to 600 Q + 2.16 LF: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#impedance 600c 
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loopback 


Use the loopback command to activate a loopback toward the T1 network side on the FXS module. Use 
the no form of this command to deactivate the loopback. Variations of this command include: 


loopback analog 
loopback digital 


Syntax Description 





analog Initiates a loopback toward the T1 network side of the connection after 
passing through analog filters in the voice CODEC. 

digital Initiates the same loopback before passing through analog filters in the 
voice CODEC. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example activates a loopback toward the T1 network side of the connection after passing 
through analog filters in the voice CODEC: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#loopback analog 
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ring-voltage <value> 
The ring-voltage command set the ring voltage for the FXS interface. Increasing the ring voltage, sends a 


stronger ring signal to the phones connected to this interface. Use the no form of this command to return to 
the default value. 


Syntax Description 





<value> Specifies a ring voltage. Select from 50, 60 or 70 Vrms. 


Default Values 





By default, ring-voltage is set to 50 Vrms. 


Command History 





Release 6.1 Command was introduced. 


Usage Example 





The following example sets the ring-voltage to 60 Vrms: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#ring-voltage 60 
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rx-gain <value> 
Use the rx-gain command to define the receive gain characteristics on the FXS interface. Receive gain 


determines the amplification of the received signal before transmitting out the FXS interface. Use the no 
form of this command to return to the default. 


Syntax Description 





<value> Defines the receive gain characteristics for the interface in 0.1 decibel 
increments. Range is -12.0 to 6.0 dB. 


Default Values 





By default, this command is set to -3.0 dB. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





When increasing this value, the signal being received on this port sounds louder. When decreasing this 
value, the signal being received on this port sounds softer. 


Usage Examples 





The following example defines the receive gain as -6.4 dB: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#rx-gain -6.4 
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signal 


The signal command configures the signaling mode for the FXS interface. Use the no form of this 
command to return to the default. Variations of this command include: 


signal ground-start 
signal loop-start 


Syntax Description 





ground-start Applies resistance to the tip conductor of the circuit to indicate an off-hook 
condition. 
loop-start Bridges the tip and ring to indicate an off-hook (seizing the line) condition. 


Default Values 





By default, this command is set to loop-start. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





This signaling mode must match the configuration of the network. 


Usage Examples 


The following example sets the signaling mode to loop-start: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#signal loop-start 
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test battery 
Use the test battery command to provide battery on the 2-wire FXS interface. This is helpful when 


troubleshooting wiring problems with the FXS equipment. Use the no form of this command to disable this 
feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example provides battery on the 2-wire FXS interface: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#test battery 
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test reverse-battery 
Use the test reverse-battery command to provide reverse battery polarity on the FXS interface. This is 


helpful when troubleshooting wiring problems with the FXS equipment. Use the no form of this command 
to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example provides reverse battery polarity on the FXS interface: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#test reverse-battery 
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test ringing 
Use the test ringing command to activate ringing voltage on the 2-wire FXS interface (using a 


2-seconds-on/4-seconds-off cadence). The no version of this command removes the ringing voltage from 
the interface. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example activates ringing voltage on the 2-wire FXS interface: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#test ringing 
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test tip-open 
Use the test tip-open command to provide battery on ring and a high impedance on tip. This is helpful 


when troubleshooting problems with ground-start interfaces. Use the no form of this command to disable 
this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example provides battery on ring and a high impedance on tip on the FXS interface: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#test tip-open 
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test tone 


Use the test tone command to activate the 1 kHz test tone. Use the no form of this command to deactivate 
the test tone. Variations of this command include: 


test tone near 
test tone far 


Syntax Description 





near Sends the test tone toward the FXS interface. 
far Sends the test tone out the T1 network interface to the remote end. 


Default Values 





By default, this command is disabled. 


Command History 


Release 6.1 Command was introduced. 


Usage Examples 





The following example sends the test tone toward the FXS interface: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#test tone near 
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tx-gain <value> 
Use the tx-gain command to define the transmit gain characteristics (configured in 0.1 dB increments) on 


the FXS interface. Transmit gain determines the amplification of the received signal before transmitting 
from the FXS interface toward the network. Use the no form of this command to return to the default. 


Syntax Description 





<value> Defines the transmit gain characteristics for the interface in 0.1 decibel 
increments. Range is -12.0 to 6.0 dB. 


Default Values 





By default, this command is set to -6.0 dB. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





When increasing this value, the signal being transmitted to the far end will sound louder. When decreasing 
this value, the signal being transmitted to the far end sounds softer. 


Usage Examples 





The following example defines the transmit gain as -6.4 dB on the FXS interface: 


(config)#interface fxs 2/1 
(config-fxs 2/1)#tx-gain -6.4 
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G.703 INTERFACE CONFIGURATION COMMAND SET 


To activate the G.703 Interface Configuration mode, enter the interface e1 command (and specify the 
G.703 port) at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface e1 1/2 
(config-e1 1/2)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


coding on page 1236 

framing crc4 on page 1237 
loopback network on page 1238 
snmp trap link-status on page 1239 
test-pattern on page 1240 

ts16 on page 1241 
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coding 


Use the coding command to configure the line coding for the G.703 physical interface. This setting must 
match the line coding supplied on the circuit by the PBX. Use the no form of this command to return to the 
default setting. Variations of this command include: 


coding ami 
coding hdb3 


Syntax Description 





ami Configures the line coding for alternate mark inversion (AMI). 
hdb3 Configures the line coding for high-density bipolar 3 (HDB3). 


Default Values 





By default, all E1 interfaces are configured with HDBS line coding. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The line coding configured in the unit must match the line coding of the E1 circuit. A mismatch will result in 
line errors (e.g., BPVs). 


Usage Examples 





The following example configures the G703 interface for AMI line coding: 


(config)#interface e1 1/2 
(config-e1 1/2)#coding ami 
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framing crc4 
Use the framing cre4 command to configure the framing format for the G.703 interface. This parameter 


should match the framing format set on the external device. Use the no form of this command to return to 
the default value. 


Syntax Description 





crc4 Enables CRC4 bits to be transmitted in the outgoing data stream. Also, the 
received signal is checked for CRC4 errors. 


Default Values 
By default, CRC4 is enabled. 





Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The framing value must match the configuration of the E1 circuit. A mismatch will result in a loss of frame 
alarm. 


Usage Examples 





The following example configures the G.703 interface for CRC4 framing: 


(config)#interface e1 1/2 
(config-e1 1/2)#framing crc4 
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loopback network 


Use the loopback network command to initiate a loopback on the interface toward the network. Use the 
no form of this command to deactivate the loopback. Variations of this command include: 


loopback network line 
loopback network payload 


Syntax Description 





line Initiates a metallic loopback of the physical E1 network interface. 
payload Initiates a loopback of the E1 framer (CSU portion) of the E1 network 
interface. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The following diagram depicts a line loopback. 
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Usage Examples 





The following example initiates a line loopback of the G.703 interface: 


(config)#interface e1 1/2 
(config-e1 1/2)#loopback network line 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the G.703 interface: 


(config)#interface e1 1/2 
(config-e1 1/2)#no snmp trap link-status 
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test-pattern 


Use the test-pattern command to activate the built-in pattern generator and begin sending the specified 
test pattern. This pattern generation can be used to verify a data path when used in conjunction with an 
active loopback. Use the no form of this command to cease pattern generation. Variations of this command 
include: 


test-pattern ones 
test-pattern zeros 


Syntax Description 





ones Generates a test pattern of continous ones. 
zeros Generates a test pattern of continous zeros. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 5.1 Command was introduced. 
Release 6.1 Command was expanded to include E1 and G.703 interfaces. 


Usage Examples 





The following example activates the pattern generator for a stream of continuous ones: 


(config)#interface e1 1/2 
(config-e1 1/2)#test-pattern ones 
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ts16 


Use the ts16 command to enable timeslot 16 multiframe to be checked on the receive signal. Use the no 
form of this command to disable timeslot 16. 


Syntax Description 


No subcommanads. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example enables timeslot 16 multiframing: 


(config)#interface e1 1/2 
(config-e1 1/2)#ts16 
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HSSI INTERFACE CONFIGURATION COMMAND SET 





To activate the HSSI Interface Configuration mode, enter the interface hssi command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface hssi 1/1 
(config-hssi 1/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


external-loopback-request on page 1243 
loopback on page 1244 
snmp trap link-status on page 1245 
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external-loopback-request 


Use the external-loopback-request command to enable LC (loopback circuit C) input to control 
loopbacks toward the network. Use the no form of this command to disable. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example enables the unit to accept external loopback requests: 


(config)#interface hssi 1/1 
(config-hssi 1/1)#external-loopback-request 
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loopback 


Use the loopback command to initiate or remove a loopback. Use the no loopback command to disable all 
loopbacks. Variations of this command include: 


loopback dce 
loopback dte 
loopback line 
loopback remote 
loopback none 


Syntax Description 


dce Initiates a loopback on the DCE. 
dte Initiates a loopback on the DTE. 
line Initiates a local line loopback. 
remote Initiates a remote line loopback. 
none Removes an active loopback. 


Default Values 





By default, no loopbacks are active. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example initiates a local line loopback on the HSSI interface: 


(config)#interface hssi 1/1 
(config-hssi 1/1)#loopback line 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the interface: 


(config)#interface hssi 1/1 
(config-hssi 1/1)#no snmp trap link-status 
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MODEM INTERFACE CONFIGURATION COMMAND SET 





To activate the Modem Interface Configuration mode, enter the interface modem command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface modem 1/2 
(config-modem 1/2)# 





The modem interface number in the example above is shown as modem 1/2. This number is 
based on the interface’s location (slot/port) and could vary depending on the unit’s 

‘ore configuration. Use the do show interfaces command to determine the appropriate 
interface number. 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


caller-id override on page 1247 
dialin on page 1248 
init-string <string> on page 1249 


resource pool-member on page 1250 
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caller-id override 


Use the caller-id override command to configure the unit to replace caller ID information with a 
user-specified number. Use the no form of this command to disable any caller ID overrides. Variations of 
this command include: 


caller-id override always <number> 
caller-id override if-no-cid <number> 


Syntax Description 





always <number> Always forces replacement of the incoming caller ID number with the 
number given. 


if-no-cid <number> Replaces the incoming caller ID number with the number given only if there 
is no caller ID information available for the incoming call. 


Default Values 


By default, this command is disabled. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





This command forces a replacement of the incoming caller ID number with the number given. The received 
caller ID, if any, is discarded, and the given override number is used to connect the incoming call to a 
circuit of the same number. 


Usage Examples 





The following example configures the unit to always provide the given number as the caller ID number: 


(config)#interface modem 1/2 
(config-modem 1/2)#caller-id override always 5555555 
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dialin 


Use the dialin command to enable the modem for remote console dial-in, disabling the use of the modem 
for dial-backup. Use the no form to this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, dialin is disabled. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example enables remote console dial-in: 


(config)#interface modem 1/2 
(config-modem 1/2)#dialin 
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init-string <string> 


Use the init-string command to specify an initialization string for the modem using standard AT 
commands. Use the no form of this command to return to the default initialization string. 


Syntax Description 


<string> Specifies an initialization string using standard AT commands. This string 
must start with AT and cannot contain spaces. 


Default Values 





<string> ate0q0v1x4\n0 
at All initialization strings must begin with AT. 
e0 Disables command echo. 
qO Response messages on. 
v1 ——~- Formats result codes in long word form. 
x4 Specifies extended response set, dial tone, and busy signal 
detection for result codes following modem operations. 
\nO0_ Selects standard buffered connection only. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example configures the modem to perform a hang-up at each initialization (to verify that the 
line is free) and maintains the default initialization: 


(config)#interface modem 1/2 
(config-modem 1/2)#init-string ateOQqOv1 x4\n0 
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resource pool-member 


Use the resource pool-member command to assign the interface to a resource pool, making it a demand 
routing resource. Use the no form of this command to return to the default value. Variations of this 
command include: 


resource pool-member <name> 
resource pool-member <name> <cost> 


Syntax Description 





<name> Specifies the name of the resource pool to which this interface is assigned. 


<cost> Optional. Specifies the cost of using this resource interface within the 
specified pool. In the event of a tie, a resource with a lower cost will be 
selected first. Interfaces with the same cost will be selected in alphabetical 
order by interface name. 


Default Values 


By default, the interface is not assigned to any resource pool. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example configures a BRI interface as a member of resource pool MyPool: 


(config)#interface modem 1/2 
(config-modem 1/2)#resource pool-member MyPool 
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PRI INTERFACE CONFIGURATION COMMAND SET 


To activate the PRI Interface Configuration mode, enter the interface pri command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface pri 2 
(config-pri 2)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
description <text> on page 48 
do on page 49 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


calling-party on page 1252 

connect tl <slot/port> tdm-group <number> on page 1253 
digits-transferred <value> on page 1254 

isdn name-delivery on page 1255 

isdn switch-type on page 1256 

role on page 1257 
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calling-party 


Use the calling-party command to configure and control the PRI outgoing caller ID information. Use the 
no form of these commands to disable these features. Variations of this command include: 


calling-party name <name> 
calling-party number <number> 
calling-party override always 
calling-party override if-no-CID 
calling-party presentation allowed 
calling-party presentation not-available 
calling-party presentation restricted 


Syntax Description 





name <name> Configure the calling party name for the PRI. 

number <number> Configure the calling party number for the PRI. 

override always Enables the calling party to be replaced with the override number. 
override if-no-CID Enables the calling party to be replaced if caller ID no number is received. 
presentation allowed Enables the presentation of caller ID to always be allowed. 


presentation not-available Sets the calling party number to not available. 
presentation restricted Restricts the delivery on the caller ID information. 


Default Values 


By default, the command is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures calling party outgoing information: 


config)#interface pri 2 

config-pri 2)#calling-party override always 
config-pri 2)#calling-party presentation 555-8000 
config-pri 2)#calling-party name Company, Inc. 


aN Ne 
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connect t1 <s/ot/port> tdm-group <number> 


Use the connect t1 tdm-group command to configure the TDM group connection used for the PRI 
interface. Use the no form of this command to return to the default value. 


Syntax Description 


<slot/port> Configure the T1 interface identifier. 
<number> Configure the TDM group number. Valid range is 1 to 255. 


Default Values 





By default, the command is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures the unit to connect tdm-group 1 of the T1 to the PRI: 


(config)#interface pri 2 
(config-pri 2)#connect t1 1/1 tdm-group 1 
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digits-transferred <value> 


Use the digits-transferred command to define how many of the received digits should be sent to the 
internal switchboard from an incoming call on a Trunk. The number of digits transferred are the least digits 
received. Direct Inward Dialing (DID) should be used if a Telco provider is providing digits to the unit on 
inbound calls or if the unit needs to provide DID information to a piece of CPE equipment. Use the no 
form of this command to disable this feature. Variations of this command include: 


digits-transferred <value> 
digits-transferred <value> no-prefix 
digits-transferred <va/ue> prefix <number> 


Syntax Description 


<value> Specifies the number of digits to be transferred. The valid number of digits 
are 0, 3, 4, 7 or all. 

no-prefix Optional. Specifies transferring the DID digits without appending a prefix. 

prefix <number> Optional. Specifies a sequence of digits to be appended to the digits that will 


be transmitted. For example, if seven digits will be transferred via DID, then 
prefix the seven digits with 256. Thus 555-8000 would be prefixed with 256, 
and 256-555-8000 would n. 


Default Values 





No default value is necessary for this command. 


Command History 


Release 14.1 Command was introduced. 


Usage Examples 





The following example transfers the digits 555-8000 and adds the prefix 256: 
(config-pri 2)#digits-transferred 5558000 prefix 256 
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isdn name-delivery 


Use the isdn name-delivery command to control the delivery of the name associated with the PRI. This 
command can be used to block the caller ID name on the PRI. Use the no form of this command to return 
to the default setting. Variations of this command include: 


isdn name-delivery display 
isdn name-delivery proceeding 
isdn name-delivery setup 


Syntax Description 





display Delivers the calling party’s name in the setup message 
proceeding Delivers the calling party’s name in the proceeding message. 
setup Delivers the calling party’s name in the setup message. 


Default Values 





By default, isdn name-delivery is disabled. 


Command History 


Release 11.1 Command was introduced. 
Release 14.1 Command was updated. 


Usage Examples 





The following example configures the calling party information to be delivered in the setup message: 


(config)#interface pri 2 
(config-pri 2)#isdn name-delivery setup 
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isdn switch-type 


Use the isdn switch-type command to configure the switch type assigned on for PRI circuit. Telephone 
companies use various types of ISDN switches and this setting must match the switch type used by your 
provider. Use the no form of this command to return to the default setting. Variations of this command 
include: 


isdn switch-type 4ess 
isdn switch-type 5ess 
isdn switch-type dms100 
isdn switch-type ni2 


Syntax Description 





4ess Sets the ISDN switch type to ATT 4ESS. 

5ess Sets the ISDN switch type to Lucent 5ESS. 
dms100 Sets the ISDN switch type to Northern ISDN II. 
ni2 Sets the ISDN switch type to National ISDN II. 


Default Values 





By default, the command is set to ni2. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures the PRI switch type National ISDN II: 


(config)#interface pri 2 
(config)#isdn switch-type ni2 
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role 


Use the role command to configure the interface protocol to use on the PRI. This setting controls the 
functional mode of the interface. Use the no form of this command to return to the default setting. 


Variations of this command include: 


role network 

role network b-channel-restarts disable 
role network b-channel-restarts enable 
role user 


Syntax Description 





network Sets the port to operate in Network Termination (NT) mode. 
b-channel-restarts disable Optional. Disables B-channel restarts. 
b-channel-restarts enable Optional. Enables B-channel restarts. 
user Sets the port to operate in Terminal Equipment (TE) mode. 


Default Values 





By default, the role is set to network b-channel-restarts disable. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures the interface protocol as user on the PRI: 


(config)#interface pri 2 
(config)#role user 
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SERIAL INTERFACE CONFIGURATION COMMAND SET 





To activate the Serial Interface Configuration mode, enter the interface serial command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface serial 1/1 
(config-ser 1/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


et-clock-source on page 1259 
ignore dcd on page 1260 

invert etclock on page 1261 

invert rxclock on page 1262 

invert txclock on page 1263 
serial-mode on page 1264 

snmp trap on page 1265 

snmp trap link-status on page 1266 
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et-clock-source 


Use the et-clock-source command to configure the clock source used when creating the external transmit 
reference clock (et-clock). Use the no form of this command to return to the default value. Variations of 
this command include: 


et-clock-source rxclock 
et-clock-source txclock 


Syntax Description 





rxclock Uses the clock recovered from the receive signal to generate et-clock. 
txclock Uses the clock recovered from the transmit signal to generate et-clock. 


Default Values 





By default, the clock recovered from the transmit signal is used to generate the et-clock. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The external transmit clock (et-clock) is an interface timing signal (provided by the DTE device) used to 
synchronize the transfer of transmit data. 


Usage Examples 





The following example configures the serial interface to recover the clock signal from the received signal 
and use it to generate et-clock: 


(config)#interface serial 1/1 
(config-ser 1/1)#et-clock-source rxclock 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1259 


Command Reference Guide Serial Interface Configuration Command Set 





ignore dcd 


Use the ignore decd command to specify the behavior of the serial interface when the Data Carrier Detect 
(DCD) signal is lost. Use the no form of this command to return to the default value. 


Syntax Description 


No subcommanas. 


Default Values 





By default, the serial interface does not ignore a change in status of the DCD signal. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





When configured to follow DCD (default condition), the serial interface will not attempt to establish a 
connection when DCD is not present. When configured to ignore DCD, the serial interface will continue to 
attempt to establish a connection even when DCD is not present. 


Usage Examples 





The following example configures the serial interface to ignore a loss of the DCD signal: 


(config)#interface serial 1/1 
(config-ser 1/1)#ignore dcd 
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invert etclock 
Use the invert etclock command to configure the serial interface to invert the external transmit reference 


clock (et-clock) in the data stream before transmitting. Use the no form of this command to return to the 
default value. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the serial interface does not invert et-clock. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





If the serial interface cable is long, causing a phase shift in the data, the et-clock can be inverted using the 
invert etclock command. This switches the phase of the clock, which compensates for a long cable. 


Usage Examples 





The following example configures the serial interface to invert et-clock: 


(config)#interface serial 1/1 
(config-ser 1/1)#invert etclock 
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invert rxclock 


Use the invert rxclock command to configure the serial interface to expect an inverted receive clock 
(found in the received data stream). Use the no form of this command to return to the default value. 


Syntax Description 


No subcommanas. 


Default Values 





By default, the serial interface does not expect an inverted receive clock (rxclock). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





If the serial interface cable is long, causing a phase shift in the data, the transmit clock can be inverted 
using the invert txclock command (refer to invert txclock on page 1263). This switches the phase of the 
clock, which compensates for a long cable. If the transmit clock of the connected device is inverted, use 
the invert rxclock command to configure the receiving interface appropriately. 


Usage Examples 





The following example configures the serial interface to invert receive clock: 


(config)#interface serial 1/1 
(config-ser 1/1)#invert rxclock 
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invert txclock 
Use the invert txclock command to configure the serial interface to invert the transmit clock (found in the 


transmitted data stream) before sending the signal. Use the no form of this command to return to the 
default value. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the serial interface does not invert transmit clock (txclock). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





If the serial interface cable is long, causing a phase shift in the data, the transmit clock can be inverted 
(using the invert txclock commana). This switches the phase of the clock, which compensates for a long 
cable. If the transmit clock of the connected device is inverted, use the invert rxclock command to 
configure the receiving interface appropriately. 


Usage Examples 





The following example configures the serial interface to invert the transmit clock: 


(config)#interface serial 1/1 
(config-ser 1/1)#invert txclock 
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serial-mode 


Use the serial-mode command to specify the electrical mode for the interface. Use the no form of this 
command to return to the default value. Variations of this command include: 


serial-mode eia530 
serial-mode v35 
serial-mode x21 


Syntax Description 





eia530 Configures the interface for use with the EIA 530 adapter cable 
(P/N 1200883L1). 

v35 Configures the interface for use with the V.35 adapter cable 
(P/N 1200873L1). 

x21 Configures the interface for use with the X.21 adapter cable 


(P/N 1200874L1). 


Default Values 





By default, the serial interface is configured for a V.35 adapter cable. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The pinouts for each of the available interfaces can be found in the Hardware Configuration Guide located 
on the AOS Documentation CD (provided in shipment). 


Usage Examples 





The following example configures the serial interface to work with the X.21 adapter cable: 


(config)#interface serial 1/1 
(config-ser 1/1)#serial-mode x21 
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snmp trap 


Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) 
traps on the interface. Use the no form of this command to disable this trap. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps 
enabled. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include port channel and VLAN interfaces. 

Release 8.1 Command was expanded to the ATM interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example enables SNMP on the serial interface: 


(config)#interface serial 1/1 
(config-ser 1/1)#snmp trap 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the serial interface: 


(config)#interface serial 1/1 
(config-ser 1/1)#no snmp trap link-status 
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SHDSL INTERFACE CONFIGURATION COMMAND SET 


To activate the SHDSL Interface Configuration mode, enter the interface shdsl command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config#)interface shdsl 1/1 
(config-shdsl 1/1)# 





‘oe Not all SHDSL commands apply to all SHDSL interfaces. Type interface shdsl <slot/port> 


to display a list of valid commands. 





The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


alarm-threshold on page 1268 

annex on page 1269 

boot alternate-image on page 1270 
equipment-type on page 1271 
ignore-error-duration <time> on page 1272 
inband-detection on page 1273 
inband-protocol on page 1274 
line-mode on page 1275 

linerate <value> on page 1276 
loopback on page 1277 

loopback remote inband on page 1278 
outage-retrain on page 1279 


test-pattern on page 1280 
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alarm-threshold 


Use the alarm-threshold command to set thresholds for specific alarm conditions. Use the no form of this 
command to disable threshold settings. Variations of this command include: 


alarm-threshold loop-attenuation <value> 
alarm-threshold snr-margin <value> 


Syntax Description 





loop-attenuation <value> Specifies a loop-attenuation threshold value from 1 to 127 GB. If signal 
energy loss on the loop exceeds the configured value, the router issues an 
alarm. 


snr-margin <value> Specifies a value for signal-to-noise ratio (SNR) margin from 1 to 15 GB. If 
the difference in amplitude between the baseband signal and the noise 
exceeds the configured value, the router issues an alarm. 


Default Values 


No default value is necessary for this command. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 


The following example sets the loop attenuation threshold at 45 dB: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#alarm-threshold loop-attenuation 45 
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annex 


Use the annex command to select the SHDSL operating mode supported on this interface. Use the no form 
of this command to return to the default setting. Variations of this command include: 


annex a 
annex a-or-b 
annex b 


Syntax Description 





a Specifies Annex A (North America operating parameters). 


a-or-b Specifies Annex A or B. This feature allows for the detection and then 
selection of the annex type during training. 


b Specifies Annex B (Europe operating parameters). 


Default Values 





By default, the SHDSL operating mode is set to a-or-b. 


Command History 


Release 15.1 Command was introduced. 


Usage Examples 





The following example sets the operating mode to annex a: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#annex a 
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boot alternate-image 


Use the boot alternate-image command to execute new code after a firmware upgrade. 


Syntax Description 





No subcommanas. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 


The current SHDSL NIM card (P/N 1200867L1) supports two code images commonly referred to as the 
“active” image and the “inactive” image. When a firmware upgrade is performed on the card (through the 
copy <filename> interface shdsl x/y Enable mode commana), the new firmware is placed in the “inactive’ 
image space. This new code will not be executed until the boot alternate-image command is issued. 
When the user does this, the NIM will reboot (taking the current line down) with the new code. At this point, 
the old code becomes the “inactive” image and the new recently updated code becomes the “active” 
image. 





Hy 


Usage Examples 





The following example causes the firmware upgrade to take effect: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#boot alternate-image 
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equipment-type 


Use the equipment-type command to determine the operating mode for the SHDSL interface. Use the no 
form of this command to return to the default setting. Variations of this command include: 


equipment-type co 
equipment-type cpe 


Syntax Description 





co Use this option only in a campus environment when operating two SHDSL 
network interface modules (NIMs) back-to-back. In this setup, configure the 
master NIM to CO and the slave NIM to CPE. 


cpe Use this option when interfacing directly with your service provider or when 
acting as the slave NIM in a campus environment. 


Default Values 


The default for this command is cpe. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example changes the operating mode of the SHDSL interface to CO: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#equipment-type co 
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ignore-error-duration <time> 


Use the ignore-error-duration command to specify the amount of time that errors are ignored during line 
training. Use the no form of this command to return to the default setting. 


Syntax Description 


<time> Specifies time in seconds. Valid range is 15 to 30 seconds. 


Default Values 





By default, ignore error duration is set to 15 seconds. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example sets the amount of time errors are ignored during line training to 25 seconds: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#ignore-error-duration 25 
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inband-detection 


Use the inband-detection command to enable inband loopback pattern detection on the SHDSL interface. 
Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is enabled. 


Command History 





Release 4.1 Command was introduced. 


Usage Examples 





The following example disables inband loopback pattern detection: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#no inband-detection 
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inband-protocol 


Use the inband-protocol command to designate the inband loopback pattern to send/detect on the SHDSL 
interface. Use the no form of this command to return to default. Variations of this command include: 


inband-protocol pn127 
inband-protocol v54 


Syntax Description 





pn127 Selects PN127 as the inband loopback pattern to send/detect. 
v54 Selects V.54 as the inband loopback pattern to send/detect. 


Default Values 





By default, the inband loopback pattern is set to v54. 


Command History 


Release 4.1 Command was introduced. 


Functional Notes 





Inband loopbacks are specific patterns that are sent in place of user data to trigger a loopback. Both 
PN127 and V.54 are industry-standard loopback patterns used to allow remote loopbacks. 


Usage Examples 


The following example sets the inband loopback pattern for PN127: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#inband-protocol pn127 
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line-mode 


Use the line-mode command to select the controller line mode. Use the no form of this command to return 
to the default setting. Variations of this command include: 


line-mode 2-wire 
line-mode 4-wire 


Syntax Description 





2-wire Specifies two-wire mode. 
4-wire Specifies four-wire mode for extended operation. 


Default Values 





By default, the DSL operating mode is set to 2-wire. 


Command History 


Release 15.1 Command was introduced. 


Usage Examples 





The following example sets the line mode to 4-wire: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#line-mode 4-wire 
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linerate <value> 


Use the linerate command to define the line rate for the SHDSL interface (the value includes 8 kbps of 
framing overhead). This command is functional only in CO operating mode (refer to equipment-type on 
page 1271). The first two selections listed in the CLI (72 and 136 kbps) are not supported by the SHDSL 
NIM (P/N 1200867L1). Use the no form of this command to return to the default setting. 


Syntax Description 





<value> Specifies the line rate in kbps. Range is 200 to 2312 kbps in 64k 
increments. 


Default Values 





By default, the line rate is set to 2056 kbps. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 
The following example changes the line rate of the SHDSL interface to 264 kbps: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#linerate 264 
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loopback 


Use the loopback command to initiate a loopback test on the SHDSL interface. Use the no form of this 
command to deactivate the loopback. Variations of this command include: 


loopback analog 
loopback digital 
loopback network 
loopback remote 


Syntax Description 





analog Loops the circuit at the analog hybrid. 

digital Loops the circuit at the framer. 

network Loops data back towards the network. 

remote Transmits a network loopback request. This command is functional only in 


CO operating mode (refer to equipment-type on page 1271). 


Default Values 





No default value is necessary for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 15.1 Command was expanded to include analog and digital loopbacks. 


Usage Examples 





The following example initiates a loopback test on the SHDSL interface that will loop the data back toward 
the network: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#loopback network 
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loopback remote inband 
Use the loopback remote inband command to inject the selected inband loop-up pattern into the data 


stream to cause a loopback at the far end. Use the no form of this command to inject a loop-down pattern 
into the data stream to cause an existing inband loopback at the far end to cease. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is enabled. 


Command History 





Release 4.1 Command was introduced. 


Usage Examples 





The following example injects a loop-down pattern into the data stream, causing existing loopbacks at the 
far end to stop: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#no loopback remote inband 
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outage-retrain 


Use the outage-retrain command to cause the SHDSL interface to force the SHDSL retrain sequence 
(which takes the line down temporarily) if the interface detects more than ten consecutive errored seconds. 
A retrain is forced in hopes that the newly retrained line will achieve better performance than the previous 
training state. Use the no version of the command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example forces a retrain sequence on the SHDSL interface: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#outage-retrain 
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test-pattern 


Use the test-pattern command to activate the built-in pattern generator and begin sending the selected test 
pattern toward the network. This pattern generation can be used to verify a data path when used in 
conjunction with an active loopback. Use the no form of this command to cease pattern generation. 
Variations of this command include: 


test-pattern clear 
test-pattern errors 
test-pattern insert 
test-pattern p215 


Syntax Description 





clear Clears the test pattern error count. 

errors Displays the test pattern error count. 

insert Inserts an error into the currently active test pattern. 

p215 Generates a pseudorandom test pattern sequence based on a 15-bit shift 
register. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example sends a 215 test pattern: 


(config)#interface shdsl 1/1 
(config-shdsl 1/1)#test-pattern p215 
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T1 INTERFACE CONFIGURATION COMMAND SET 


To activate the T1 Interface Configuration mode, enter the interface t1 command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface t1 1/1 
(config-t1 1/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


clock source on page 1282 

coding on page 1283 

fdl on page 1284 

framing on page 1285 

lbo on page 1286 

loopback commands begin on page 1287 
remote-alarm rai on page 1290 
remote-loopback on page 1291 

snmp trap line-status on page 1292 
snmp trap link-status on page 1293 
snmp trap threshold-reached on page 1294 
tdm-group <number> on page 1296 
test-pattern on page 1297 
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clock source 


Use the clock source command to configure the source timing used for the interface. Use the no form of 
this command to return to the default value. Variations of this command include: 


clock source internal 

clock source line 

clock source system 

clock source through 

clock source through t1 </nterface id> 


Syntax Description 


internal Configures the unit to provide clocking using the internal oscillator. 

line Configures the unit to recover clocking from the T1 circuit. 

system Configures the unit to provide clocking using the system clock. 
through Configures the unit to recover clocking from the circuit connected to the 


DSX-1 interface. 


through t1 <interface id> Configures the unit to recover clocking from the alternate interface. Only 
valid on T1 systems with multiple T1 interfaces and a single clock source. 


Default Values 





By default, the clock source is set to line. 


Command History 


Release 1.1 Command was introduced. 
Release 13.1 Command was expanded to include system as a clocking source. 


Functional Notes 





When operating on a circuit that is providing timing, setting the clock source to line can avoid errors such 
as Clock Slip Seconds (CSS). 


Usage Examples 





The following example configures the unit to recover clocking from the primary circuit: 


(config)#interface t1 1/1 
(config-t1 1/1)#clock source line 
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coding 


Use the coding command to configure the line coding for a T1 physical interface. This setting must match 
the line coding supplied on the circuit by the service provider. Use the no form of this command to return 
to the default setting. Variations of this command include: 


coding ami 
coding b8zs 


Syntax Description 





ami Configures the line coding for alternate mark inversion (AMI). 
b8zs Configures the line coding for bipolar eight zero substitution (B8ZS). 


Default Values 





By default, all T1 interfaces are configured with B8ZS line coding. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The line coding configured in the unit must match the line coding of the T1 circuit. A mismatch will result in 
line errors (e.g., BPVs). 


Usage Examples 





The following example configures the T1 interface for AMI line coding: 


(config)#interface t1 1/1 
(config-t1 1/1)#coding ami 
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fdl 


Use the fdl command to configure the format for the facility data link (FDL) channel on the TI circuit. 
FDL channels are only available on point-to-point circuits. Use the no form of this command to return to 
the default value. Variations of this command include: 


fdl ansi 
fdl att 
fdl none 


Syntax Description 





ansi Configures the FDL for ANSI T1.403 standard. 
att Configures the FDL for AT&T TR 54016 standard. 
none Disables FDL on this circuit. 


Default Values 





By default, the FDL is configured for ansi. 


Command History 


Release 1.1 Command was introduced. 


Functional Notes 





T1 circuits using ESF framing format (specified using the framing command) reserve 12 bits as a data link 
communication channel, referred to as the FDL, between the equipment on either end of the circuit. The 
FDL allows the transmission of trouble flags such as the Yellow Alarm signal. Refer to framing on page 
1285 for related information. 


Usage Examples 





The following example disables the FDL channel for the T1 circuit: 


(config)#interface t1 1/1 
(config-t1 1/1)#fdl none 
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framing 


Use the framing command to configure the framing format for the T1 interface. This parameter should 
match the framing format supplied by your network provider. Use the no form of this command to return 
to the default value. Variations of this command include: 


framing d4 
framing esf 


Syntax Description 





d4 Specifies D4 superframe (SF) format. 
esf Specifies extended superframe (ESF) format. 


Default Values 





By default, the framing format is set to esf. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





A frame is comprised of a single byte from each of the T1’s timeslots; there are 24 timeslots on a single T1 
circuit. Framing bits are used to separate the frames and indicate the order of information arriving at the 
receiving equipment. D4 and ESF are two methods of collecting and organizing frames over the circuit. 


Usage Examples 





The following example configures the T1 interface for D4 framing: 


(config)#interface t1 1/1 
(config-t1 1/1)#framing d4 
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Ibo 


Use the Ibo command to configure the line build out (LBO) for the T1 interface. Use the no form of this 
command to return to the default value. Variations of this command include: 


Ibo short <value> 
Ibo long <value> 


Syntax Description 





long <value> Configures the LBO (in dB) for T1 interfaces with cable lengths greater than 
655 feet. Choose from -22.5, -15, -7.5, and 0 dB. 
short <value> Configures the LBO (in feet) for T1 interfaces with cable lengths less than 


655 feet. Range is 0 to 655 feet. 


Default Values 
By default, the build out is set to 0 dB. 





Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Line build out (LBO) is artificial attenuation of a T1 output signal to simulate a degraded signal. This is 
useful to avoid overdriving a receiver’s circuits. The shorter the distance between T1 equipment 
(measured in cable length), the greater the attenuation value. For example, two units in close proximity 
should be configured for the maximum attenuation (-22.5 dB). 


Usage Examples 





The following example configures the T1 interface LBO for -22.5 dB: 


(config)#interface t1 1/1 
(config-t1 1/1)#Ibo -22.5 
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loopback network 


Use the loopback network command to initiate a loopback on the interface toward the network. Use the 


no form of this command to deactivate the loopback. Variations oft his command include: 


loopback network line 
loopback network payload 


Syntax Description 





line Initiates a metallic loopback of the physical T1 network interface. 
payload Initiates a loopback of the T1 framer (CSU portion) of the T1 network 
interface. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The following diagram depicts the difference between a line and payload loopback. 


T1 Network Interface 











Payload Loopback 
Line Loopback 








Usage Examples 


The following example initiates a payload loopback of the T1 interface: 


(config)#interface t1 1/1 
(config-t1 1/1)#loopback network payload 
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loopback remote line 


Use the loopback remote line command to send a loopback code to the remote unit to initiate a line 
loopback. Use the no form of this command to send a loopdown code to the remote unit to deactivate the 
loopback. Variations of this command include: 


loopback remote line fdl 
loopback remote line inband 


Syntax Description 





fdl Uses the facility data link (FDL) to initiate a full 1.544 Mbps physical 
(metallic) loopback of the signal received by the remote unit from the 
network. 

inband Uses the inband channel to initiate a full 1.544 Mbps physical (metallic) 


loopback of the signal received by the remote unit from the network. 


Default Values 


No default value is necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 


The following diagram depicts the difference between a line and payload loopback. 
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Usage Examples 





The following example initiates a remote line loopback using the FDL: 


(config)#interface t1 1/1 
(config-t1 1/1)#loopback remote line fdl 
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loopback remote payload 


Use the loopback remote payload command to send a loopback code to the remote unit to initiate a 
payload loopback. A payload loopback is a 1.536 Mbps loopback of the payload data received from the 
network maintaining bit-sequence integrity for the information bits by synchronizing (regenerating) the 
timing. Use the no form of this command to send a loopdown code to the remote unit to deactivate the 
loopback. 


Syntax Description 





No subcommanas. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 


The following diagram depicts the difference between a line and payload loopback. 





T1 Network Interface 
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Usage Examples 
The following example initiates a remote payload loopback: 


(config)#interface t1 1/1 
(config-t1 1/1)#loopback remote payload 
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remote-alarm rai 


The remote-alarm rai command selects the alarm signaling type to be sent when a loss of frame is 
detected on the T1 receive signal. Use the no form of this command to disable all transmitted alarms. 


Syntax Description 


rai Specifies sending a remote alarm indication (RAI) in response to a loss of 
frame. Also prevents a received RAI from causing a change in interface 
operational status. 


Default Values 





The default for this command is rai. 


Command History 





Release 7.1 Command was expanded to include the T1 interface. 


Usage Examples 





The following example enables transmission of RAI in response to a loss of frame: 


(config)#interface t1 1/1 
(config-t1 1/1)#remote-alarm rai 
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remote-loopback 


Use the remote-loopback command to configure the interface to respond to loopbacks initiated by a 
remote unit (or the service provider). Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces respond to remote loopbacks. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables remote loopbacks on the T1 interface: 


(config)#interface t1 1/1 
(config-t1 1/1)#remote-loopback 
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snmp trap line-status 
Use the snmp trap line-status command to control the Simple Network Management Protocol (SNMP) 


variable dsx1LineStatusChangeTrapEnable (RFC 2495) to enable (or disable) the interface to send SNMP 
traps when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the dsx1LineStatusChangeTrapEnable OID is set to enabled for all interfaces except virtual 
Frame Relay Interfaces. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





The snmp trap line-status command is used to control the RFC 2495 dsx1LineStatusChangeTrapEnable 
OID (OID number 1.3.6.1.2.1.10.18.6.1.17.0). 


Usage Examples 





The following example disables the line-status trap on the T1 interface: 


(config)#interface t1 1/1 
(config-t1 1/1)#no snmp trap line-status 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLink UpDownTrapEnable (RFC2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the T1 interface: 


(config)#interface t1 1/1 
(config-t1 1/1)#no snmp trap link-status 
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snmp trap threshold-reached 


Use the snmp trap threshold-reached command to control the Simple Network Management Protocol 
(SNMP) variable adGenAOSDs1ThresholdReached (adGenAOSDs1-Ext MIB) to enable the interface to 
send SNMP traps when a DS1 performance counter threshold is reached. Use the no form of this command 
to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 
By default, the aJ4GenAOSDs1ThresholdReached OID is enabled for all interfaces. 





Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example disables SNMP threshold reached trap on the T1 interface: 


(config)#interface t1 1/1 
(config-t1 1/1)#no snmp trap threshold-reached 
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system timing 


Use the system timing command to configure the Rx clock as the primary or secondary timing source for 
the system. Use the no form of this command to disable this feature. 


Syntax Description 


primary Specifies the Rx clock as the primary timing source. 
secondary Specifies the Rx clock as the secondary timing source. 


Default Values 





There is no default for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example configures the T1 interface to provide its Rx clock as the primary timing source for 
the system: 


(config)#interface t1 1/1 
(config-t1 1/1)#system timing primary 
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tdm-group <number> 


Use the tdm-group command to create a group of contiguous DSOs on this interface to be used during the 
cross-connect process. Refer to cross-connect on page 45 for related information. Use the no form of this 
command to remove configured TDM groups. Variations of this command include: 


tdm-group <number> timeslots <value> 
tdm-group <number> timeslots <va/ue> speed [56 | 64] 





dt Changing tdm-group settings could result in service interruption. 





Syntax Description 





<number> Identifies the created TDM group. Valid range is 1 to 255. 


timeslots <value> Specifies the channels to be used in the TDM group. Valid range is 1 to 31. 
The timeslot value can be entered as a single number representing one of 
the 31 E1 channel timeslots or as a contiguous group of channels. (For 
example, 1-10 specifies the first 10 channels of the E1.) 


speed [56 | 64] Optional. Specifies the individual DSO rate on the T1 interface to be 
64 kbps. Only the T1 + DSX-1 Network Interface Module supports the 
56 kbps DSO rate. The default speed is 64 kbps. 


Default Values 





By default, there are no configured TDM groups. 


Command History 


Release 1.1 Command was introduced. 


Usage Examples 





The following example creates a TDM group (labeled 5) of 10 DSOs at 64 kbps each: 


(config)#interface t1 1/1 
(config-t1 1/1)#tdm-group 5 timeslots 1-10 speed 64 
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test-pattern 


Use the test-pattern command to activate the built-in pattern generator and begin sending the specified 
test pattern. This pattern generation can be used to verify a data path when used in conjunction with an 
active loopback. Use the no form of this command to cease pattern generation. Variations of this command 


include: 


test-pattern clear 
test-pattern errors 
test-pattern insert 
test-pattern ones 
test-pattern p215 
test-pattern p220 
test-pattern p511 
test-pattern qrss 
test-pattern zeros 


Syntax Description 





clear 
errors 
insert 
ones 
p215 


p220 


p511 
qrss 
zeros 


Default Values 


Clears the test pattern error count. 

Displays the test pattern errored seconds. 

Inserts an error into the currently active test pattern. 
Generates a test pattern of continous ones. 


Generates a pseudorandom test pattern sequence based on a 15-bit shift 
register. 


Generates a pseudorandom test pattern sequence based on a 20-bit shift 
register. 


Generates a test pattern of repeating ones and zeros. 
Generates a test pattern of random ones and zeros. 
Generates a test pattern of continous zeros. 





No default value is necessary for this command. 


Command History 





Release 1.1 


Usage Examples 


Command was introduced. 





The following example activates the pattern generator for a stream of continuous ones: 


(config)#interface t1 1/1 


(config-t1 1/1)#test-pattern ones 
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T3 INTERFACE CONFIGURATION COMMAND SET 


To activate the T3 Interface Configuration mode, enter the interface t3 command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface t3 1/1 
(config-t3 1/1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


clock source on page 1299 

coding b3zs on page 1300 

framing on page 1301 

line-length on page 1302 

loopback network on page 1303 
loopback remote on page 1304 
remote-loopback on page 1305 
snmp trap link-status on page 1306 
test-pattern on page 1307 
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clock source 


Use the clock source command to configure the source timing used for the interface. The clock specified 
using the clock source command is also the system master clock. Use the no form of this command to 
return to the default value. Variations of this command include: 


clock source local 
clock source loop 


Syntax Description 





local Configures the unit to provide clocking using the internal oscillator. 
loop Configures the unit to recover clocking from the T3 circuit. 


Default Values 





By default, all T3 interfaces are configured with loop as the clock source. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example configures the unit to recover clocking from the circuit: 


(config)#interface t3 1/1 
(config-t3 1/1)#clock source loop 
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coding b3zs 


Use the coding b3zs command to configure the line coding for a T3 physical interface. This setting must 
match the line coding supplied on the circuit by the service provider. 


Syntax Description 


b3zs Configures the line coding for bipolar three zero substitution (B3ZS). 


Default Values 





By default, all T3 interfaces are configured with B3ZS line coding. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





The line coding configured in the unit must match the line coding of the T3 circuit. A mismatch will result in 
line errors (e.g., BPVs). 


Usage Examples 





The following example configures the T1 interface for B3ZS line coding: 


(config)#interface t3 1/1 
(config-t3 1/1)#coding b3zs 
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framing 


Use the framing command to configure the network framing format for a T3 physical interface. Use the no 
form of this command to return to the default value. Variations of this command include: 


framing cbit 
framing m13 


Syntax Description 





cbit Configures the interface for C-bit parity framing. 
m13 Configures the interface for M13 framing. 


Default Values 





By default, all T3 interfaces are configured for C-bit parity framing. 


Command History 


Release 6.1 Command was introduced. 


Functional Notes 





M13 is an asynchronous framing format that uses all 21 DS3 M-Frame C-bits for bit stuffing indicators. 
End-to-end path parity and datalink capabilities are not provided by the standard M13 format. C-bit parity 
framing differs from M13 by allowing monitoring of the data path (end-to-end) and supporting out-of-band 
data links. 


Usage Examples 





The following example configures the T3 interface for M13 framing: 


(config)#interface t3 1/1 
(config-t3 1/1)#framing m13 
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line-length 


Use the line-length command to configure the line length for a T3 physical interface. Use the no form of 
this command to return to the default value. Variations of this command include: 


line-length long 
line-length short 


Syntax Description 





long Configures the line length for a distance of 225 to 450 feet of cable. 
short Configures the line length for a distance of 0 to 225 feet of cable. 


Default Values 





By default, all T3 interfaces are configured for a short line length. 


Command History 


Release 6.1 Command was introduced. 


Usage Examples 





The following example configures the T3 interface for long line length: 


(config)#interface t3 1/1 
(config-t3 1/1)#line-length long 
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loopback network 


Use the loopback network command to initiate a local T3 loopback on the interface toward the network. 


Use the no form of this command to deactivate the loopback. Variations of this command include: 


loopback network line 
loopback network payload 


Syntax Description 





line Initiates a loopback of the physical T3 network interface; that is, data 
received on the T3 is transmitted back out on the T3. 

payload Initiates a loopback of the T3 framer (TSU portion) of the T3 network 
interface. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example initiates a payload loopback of the T3 interface: 


(config)#interface t3 1/1 
(config-t3 1/1)#loopback network payload 
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loopback remote 


Use the loopback remote command to initiate a loopback test on the T3 interface that sends a remote 
loopback code out the T3 circuit to loop up the far end. This command only applies when C-bit framing is 
used on the circuit. Use the no form of this command to deactivate the loopback. Variations of this 
command include: 


loopback remote line 
loopback remote payload 


Syntax Description 





line Initiates a line loopback. 
payload Initiates a payload loopback. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





This example initiates a remote loopback on the T3 interface: 


(config)#interface t3 1/1 
(config-t3 1/1)#loopback remote 
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remote-loopback 


Use the remote-loopback command to configure the T3 interface to be looped from the far end (remote 
device, telco, etc.). Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces respond to remote loopbacks. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





This example enables remote loopbacks on the T3 interface: 


(config)#interface t3 1/1 
(config-t3 1/1)#remote-loopback 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable object identifier (OID) is enabled for all interfaces except virtual 
Frame Relay interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example disables the link-status trap on the T3 interface: 


(config)#interface t3 1/1 
(config-t3 1/1)#no snmp trap link-status 
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test-pattern 


Use the test-pattern command to activate the built-in pattern generator and begin sending the selected test 
pattern toward the network. This pattern generation can verify a data path when used in conjunction with 
an active loopback. Use the no form of this command to cease pattern generation. Variations of this 
command include: 


test-pattern clear 
test-pattern errors 
test-pattern insert 
test-pattern ones 
test-pattern p215 
test-pattern p223 
test-pattern zeros 


Syntax Description 





clear Clears the test pattern error count. 

errors Displays the test pattern error count. 

insert Inserts an error into the currently active test pattern. 

ones Generates a test pattern of continuous ones. 

p215 Generates a pseudorandom test pattern sequence based on a 15-bit shift 
register. 

p223 Generates a pseudorandom test pattern sequence based on a 23-bit shift 
register. 

zeros Generates a test pattern of continuous Zeros. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example enables a p215 test pattern: 


(config)#interface t3 1/1 
(config-t3 1/1)#test-pattern p215 
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VIRTUAL INTERFACE COMMAND SETS 


This section includes the following command sets: 


ATM Interface Config Command Set on page 1309 

ATM Subinterface Config Command Set on page 1313 

BVI Interface Config Command Set on page 1398 

Demand Interface Configuration Command Set on page 1434 
Frame Relay Interface Config Command Set on page 1507 
Frame Relay Subinterface Config Command Set on page 1529 
HDLC Interface Configuration Command Set on page 1610 
Loopback Interface Configuration Command Set on page 1682 
Port Channel Interface Config Command Set on page 1725 
PPP Interface Configuration Command Set on page 1749 
Tunnel Configuration Command Set on page 1540 

VLAN Configuration Command Set on page 1912 

VLAN Database Configuration Command Set on page 1917 
VLAN Interface Configuration Command Set on page 1926 
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ATM INTERFACE CONFIG COMMAND SET 





To create a virtual asynchronous transfer mode (ATM) interface and/or activate the ATM Interface 
Configuration mode, enter the interface atm command at the Global Configuration mode prompt. For 
example: 


>enable 

#configure terminal 
(config)#interface atm 1 
(config-atm 1)# 


By default, ATM interfaces are created as point-to-point links. This default setting cannot be altered. The 
following command creates the exact same interface as that mentioned above: 


>enable 

#configure terminal 

(config)#interface atm 1 point-to-point 
(config-atm 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


rtp quality-monitoring on page 1310 
snmp trap on page 1311 
snmp trap link-status on page 1312 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VQM is enabled on all WAN and LAN interfaces. 





Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on the ATM interface: 


(config)#interface atm 1 
(config-atm 1)#rtp quality-monitoring 
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snmp trap 


Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) 
traps on the interface. Use the no form of this command to disable this trap. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps 
enabled. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include port channel and VLAN interfaces. 

Release 8.1 Command was expanded to the ATM interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example enables SNMP on the ATM interface: 


(config)#interface atm 1 
(config-atm 1)#snmp trap 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable object identifier (OID) is enabled for all interfaces except virtual 
Frame Relay interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the ATM interface: 


(config)#interface atm 1 
(config-atm 1)#no snmp trap link-status 
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ATM SUBINTERFACE CONFIG COMMAND SET 





To create a virtual asynchronous transfer mode (ATM) subinterface and/or activate the ATM Subinterface 
Configuration mode, enter the interface atm command (and specify a subinterface) at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface atm 1.1 
(config-atm 1.1)# 


By default, ATM subinterfaces are created as point-to-point links. This default setting cannot be altered. 
The following command creates the exact same interface as that mentioned above: 


>enable 

#configure terminal 

(config)#interface atm 1.1 point-to-point 
(config-atm 1.1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 
shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1315 
atm routed-bridged ip on page 1316 
bandwidth <value> on page 1317 
bridge-group <value> on page 1318 
cos on page 1319 

crypto map <name> on page 1321 
dial-backup commands begin on page 1323 
dynamic-dns on page 1340 
encapsulation on page 1342 
fair-queue on page 1343 

hold-queue <value> out on page 1344 
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ip commands begin on page 1345 
max-reserved-bandwidth <value> on page 1383 
media-gateway ip on page 1384 

mtu <size> on page 1385 

oam retry on page 1387 

oam-pvc managed on page 1388 

pvc <VPI/VCI> on page 1389 

qos-policy on page 1390 

spanning-tree commands begin on page 1392 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





To assign an access policy to an interface, enter the interface configuration mode for the desired interface 
and enter access-policy <policy name>. 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
the ATM interface 1.1: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with the ATM interface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#access-policy Private 
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atm routed-bridged ip 


Use the atm routed-bridged ip command to enable IP routed bridge encapsulation (RBE) on an interface. 
Use the no form of this command to disable RBE operation. 


Syntax Description 


No subcommanads. 


Default Values 





By default, routed bridge encapsulation is disabled. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example enables routed bridge encapsulation: 


(config)#interface atm 1.1 
(config-atm 1.1)#atm routed-bridged ip 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 
<value> Specifies bandwidth in kbps. Range is 1 to 4,294,967,295 kbps. 


Default Values 





To view the default values, use the show interfaces command. 


Command History 





Release 3.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of the ATM subinterface to 10 Mbps: 


(config)#interface atm 1.1 
(config-atm 1.1)#bandwidth 10000 
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bridge-group <va/lue> 


Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of 
this command to remove the interface from the bridge group. 


Syntax Description 


<value> Specifies the bridge group (by number) to which to assign this interface. 
Range is 1 to 255. 


Default Values 





By default, there are no configured bridge groups. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





A bridged network can provide excellent traffic management to reduce collisions and limit the amount of 
bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can 
be bridged (Ethernet to T1, Ethernet to Frame Relay subinterface). 


Usage Examples 





The following example assigns the ATM subinterface labeled 1.1 to bridge group 1: 


(config)#interface atm 1.1 
(config-atm 1.1)#bridge-group 1 
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Cos 


Use the cos command to define class of service (CoS) settings on an ATM subinterface. Use the no form of 
this command to remove the parameters. Variations of this command include: 


cos ubr 
cos vbr-nrt <pcr> <scr> <mbs> 
cos vbr-rt <pcr> <scr> <mbs> 


Syntax Description 





ubr Indicates unspecified bit rate (UBR) for the CoS. 

vbr-nrt Specifies the variable bit rate (VBR) nonreal time (NRT) peak cell rate 
(PCR), sustained cell rate (SCR), and maximum burst size (MBS). 

vbr-rt Specifies the variable bit rate real time (RT) peak cell rate, sustained cell 
rate, and maximum burst size. 

<pcr> Indicates the peak cell rate or maximum number of cells per second the 
connection can transfer into the network. Valid range is 32 to 50,000 kbps. 

<SCr> Indicates the sustained cell rate or average number of cells per second that 
the connection can transfer into the network. Valid range is 32 to 
50,000 kbps. 

<mbs> Indicates the maximum burst size of cells allowed on the connection. Valid 


range is 3 to 65,535. 


Default Values 





The default setting for this feature is cos ubr. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example defines variable bit rate real time on the ATM subinterface 1.2: 


config)#interface atm 1.2 point-to-point 

config-atm 1.2)#no shutdown 

config-atm 1.2)#pve 1/101 

config-atm 1.2)#ip address 10.23.107.35 255.255.255.240 
config-atm 1.2)#COS VBR-rt 2304 1024 3 
) 


( 
( 
( 
( 
( 
(config-atm 1.2)#bandwidth 2304 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1319 


Command Reference Guide ATM Subinterface Config Command Set 





The following example defines unspecified bit rate on the ATM subinterface 1.3: 


(config)#interface atm 1.3 point-to-point 

(config-atm 1.3)#no shutdown 

(config-atm 1.3)#pve 1/102 

(config-atm 1.3)#ip address 10.23.107.51 255.255.255.240 
(config-atm 1.3)#COS UBR 

(config-atm 1.3)#bandwidth 1024 
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crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps that 
share the same name, but have different map index numbers. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Specifies the crypto map name that you wish to assign to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 4.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 


When configuring a system to use both the stateful inspection firewall and Internet key exchange (IKE) 
negotiation for virtual private network (VPN), keep the following notes in mind. 


When defining the policy class and associated access control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted), it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local side, 
unencrypted source of the data. The destination information will be the far end, unencrypted destination of 
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy 
class is the far end. The destination information is the local side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to the ATM subinterface: 


(config)#interface atm 1.1 
(config-atm 1.1)#crypto map MyMap 
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dial-backup auto-backup 


Use the dial-backup auto-backup command to configure the subinterface to automatically attempt a dial 
backup upon failure. Use the no form of this command to disable this feature. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1326. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically attempt dial backup upon a failure. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example enables automatic dial backup on the endpoint: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup auto-backup 
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dial-backup auto-restore 


Use the dial-backup auto-restore command to configure the subinterface to automatically discontinue 
dial backup when all network conditions are operational. Use the no form of this command to disable the 
auto-restore feature. For more detailed information on dial-backup functionality, refer to the Functional 
Notes and Technology Review sections of the command dial-backup call-mode on page 1326. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically restore the primary connection when the failure 
condition clears. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following configures AOS to automatically restore the primary connection when the failure condition 
clears: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup auto-restore 
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dial-backup backup-delay <value> 


Use the dial-backup backup-delay command to configure the amount of time the router will wait after the 
failure condition is recognized before attempting to backup the link. Use the no form of this command to 
return to the default value. For more detailed information on dial-backup functionality, refer to the 
Functional Notes and Technology Review sections of the command dial-backup call-mode on page 1326. 


Syntax Description 





<value> Specifies the delay period (in seconds) a failure must be active before AOS 
will enter backup operation on the interface. Valid range is 10 to 
86,400 seconds. 


Default Values 





By default, the dial-backup backup-delay period is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example configures AOS to wait 60 seconds (on an endpoint with an active alarm condition) 
before attempting dial-backup operation: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup backup-delay 60 
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dial-backup call-mode 


Use the dial-backup call-mode command to specify whether the configured backup interface answers or 
originates (or a combination of both) backup calls. Use the no form of this command to return to the 
default value. Variations of this command include: 


dial-backup call-mode answer 

dial-backup call-mode answer-always 
dial-backup call-mode originate 

dial-backup call-mode originate-answer 
dial-backup call-mode originate-answer-always 


Syntax Description 





answer Answers and backs up primary link on failure. 
answer-always Answers and backs up regardless of primary link state. 
originate Originates backup call on primary link failure. 
originate-answer Originates or answers call on primary link failure. 


originate-answer-always Originates on failure; answers and backs up always. 


Default Values 





By default, the dial-backup call-mode is set to originate-answer. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





The majority of the configuration for AOS dial-backup implementation is configured via the dial-backup 
PPP interface configuration commands. However, the numbers dialed are configured in the primary 
interface. Full sample configurations follow: 


Sample configuration for remote router (dialing out) 


hostname “Remote3200” 

enable password adtran 

| 

interface eth 0/1 

ip address 192.168.1.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 


interface t1 1/1 
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coding b8zs 

framing esf 

clock source line 

tdm-group 1 timeslots 1-24 

no shutdown 

| 

interface fr 1 point-to-point 

frame-relay Imi-type ansi 

no shutdown 

cross-connect 1 t1 1/1 1 fr 1 

| 

interface fr 1.16 point-to-point 

frame-relay interface-dlci 16 

ip address 10.1.1.2 255.255.255.252 

dial-backup call-mode originate 

dial-backup number 5551111 analog ppp1 

dial-backup number 5552222 analog ppp1 
no shutdown 

| 


interface ppp 1 

ip address 172.22.56.1 255.255.255.252 

ppp authentication chap 

username remoter outer password remoteness 
ppp chap hostname local router 

ppp chap password adtran 

no shutdown 

| 

ip route 192.168.2.0 255.255.255.0 172.22.56.2 255.255.255.252 
| 

line telnet 0 4 

password password 


Sample configuration for central router (dialing in) 


hostname “Central3200” 

enable password adtran 

| 

interface eth 0/1 

ip address 192.168.100.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 


interface t1 1/1 
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coding b8zs 

framing esf 

clock source line 

tdm-group 1 timeslots 1-24 

no shutdown 

| 
interface fr 1 point-to-point 
frame-relay Imi-type ansi 

no shutdown 

cross-connect 1 t1 1/1 1 fr 1 

| 

interface fr 1.100 point-to-point 
frame-relay interface-dici 100 

ip address 10.1.1.1 255.255.255.252 
dial-backup call-mode answer 
dial-backup number 555-8888 analog ppp 1 
| 

interface ppp 1 

ip address 172.22.56.2 255.255.255.252 
ppp authentication chap 

username local router password adtran 
ppp chap hostname remote router 

ppp chap password remoteness 

no shutdown 

| 


ip route 192.168.1.0 255.255.255.0 172.22.56.1 255.255.255.252 


line telnet 0 4 
password password 


Usage Examples 





The following example configures AOS to generate backup calls for this endpoint using an analog modem 
interface (to phone number 555 1111), but never answer calls and specifies ppp 2 as the backup interface: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup call-mode originate 
(config-atm 1.1)#dial-backup number 555 1111 analog ppp 2 
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Technology Review 





This technology review provides information regarding specific dial-backup router behavior (i.e., when the 
router will perform dial backup, where in the configuration AOS accesses specific routing information, etc.): 


Dialing Out 
1. AOS determines to place an outbound call when either the Layer 1 or Layer 2 has a failure. 


2. When placing outbound calls, AOS matches the number dialed to a PPP interface. This is accomplished 
with an addition to the dial-backup number command (refer to dia/-backup number on page 1333). 


3. When placing the call, AOS uses the configuration of the related PPP interface for authentication and IP 
negotiation. 


4. If the call fails to connect on the first number dialed, AOS places a call to the second number (if a 
second number is configured). The second number to be dialed references a separate PPP interface. 


Dialing In 
1. AOS receives an inbound call on a physical interface. 
2. Caller ID is used to match the dial-backup number command to the configured PPP interface. 


3. If a match is found, the call connects and AOS pulls down the primary connection if it is not already ina 
down state. 


4. If no match is found from caller ID, the call is terminated. 
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dial-backup connect-timeout <va/ue> 


Use the dial-backup connect-timeout command to specify the number of seconds to wait for a connection 
after a call is attempted before trying to call again or dialing a different number. It is recommended this 
number be greater than 60. Use the no form of this command to return to the default setting. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of the command dial-backup call-mode on page 1326. 


Syntax Description 





<value> Specifies the amount of time (in seconds) that the router will wait for a 
connection before attempting another call. Valid range is 10 to 300 seconds. 


Default Values 





By default, the dial-backup connect-timeout period is set to 60 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example configures AOS to wait 120 seconds before retrying a failed dial-backup call: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup connect-timeout 120 
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dial-backup force 


Use the dial-backup force command to manually override the automatic dial-backup feature. This can be 
used to force a link into backup to allow maintenance to be performed on the primary link without 
disrupting data. Use the no form of this command to return to the normal dial-backup operation state. For 
more detailed information on dial-backup functionality, refer to the Functional Notes and Technology 
Review sections of the command dial-backup call-mode on page 1326. Variations of this command 
include: 


dial-backup force backup 
dial-backup force primary 


Syntax Description 





backup Forces backup regardless of primary link state. 
primary Forces primary link regardless of its state. 


Default Values 


By default, this feature is disabled. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example configures AOS to force this endpoint into dial backup: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup force backup 
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dial-backup maximum-retry <value> 


Use the dial-backup maximum-retry command to select the number of calls the router will make when 
attempting to backup a link. Use the no form of this command to return to the default state. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of the command dial-backup call-mode on page 1326. 


Syntax Description 





<value> Selects the number of call retry attempts that will be made after a link 
failure. Valid range is 0 to 15 attempts. 


Setting this value to 0 will allow unlimited retries during the time the network 
is failed. 


Default Values 





By default, the dial-backup maximum-retry period is set to 0 attempts. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example configures AOS to retry a dial-backup call 4 times before considering backup 
operation not available: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup maximum-retry 4 
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dial-backup number 


Use the dial-backup number command to configure the phone number and the call type the router will 
dial upon network failure. Multiple entries can be made for an interface to allow alternate sites to be dialed. 
Use the no form of this command to disable this feature. For more detailed information on dial-backup 
functionality, refer to the Functional Notes and Technology Review sections of the command dial-backup 
call-mode on page 1326. Variations of this command include: 


dial-backup number <number> analog ppp <interface> 
dial-backup number <number> cellular ppp </nterface> 
dial-backup number <number> digital-56k </isdn min chan> <isdn max chan> ppp <interface> 
dial-backup number <number> digital-64k <isdn min chan> <isdn max chan> ppp <interface> 


Syntax Description 





<number> Specifies the phone numbers to call when the backup is initiated. 

analog Indicates the number connects to an analog modem. 

cellular Indicates the number connects to a cellular modem. 

digital-56k Indicates the number belongs to a digital 56 kbps per DSO connection. 

digital-64k Indicates the number belongs to a digital 64 kbps per DSO connection. 

<isdn min chan> Specifies the minimum number of DSOs required for a digital 56 or 64 kbps 
connection. Range is 1 to 24 DSOs. 

<isdn max chan> Specifies the maximum number of DSOs desired for a digital 56 or 64 kbps 
connection. Range is 1 to 24 DSOs. 

ppp <interface> Specifies the PPP interface to use as the backup for this interface (for example, 
ppp 1). 


Default Values 





By default, there are no configured dial-backup numbers. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added 
Release 17.2 Command was expanded to include cellular connections. 


Usage Examples 





The following example configures AOS to dial 704-555-1212 (digital 64 kbps connection) to initiate 
dial-backup operation for this endpoint using the configured ppp 1 backup interface: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup number 7045551212 digital-64k 1 1 ppp 1 
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dial-backup priority <va/ue> 


Use the dial-backup priority command to select the backup priority for this interface. This allows the user 
to establish the highest priority backup link and ensure that link will override backups attempted by lower 


priority links. Use the no form of this command to return to the default value. For more detailed 


information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 


the command dial-backup call-mode on page 1326. 


Syntax Description 





<value> Sets the relative priority to this link. Valid range is 0 to 100. A value of 100 


designates the highest priority. 


Default Values 





By default, the dial-backup priority is set to 50. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example assigns the highest priority to this endpoint: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup priority 100 
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dial-backup randomize-timers 


Use the dial-backup randomize-timers command to randomize the call timers to minimize potential 
contention for resources. Use the no form of this command to return to the default value. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1326. 


Syntax Description 





No subcommanas. 


Default Values 





By default, AOS does not randomize the dial-backup call timers. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example configures AOS to randomize the dial-backup timers associated with this endpoint: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup randomize-timers 
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dial-backup redial-delay <value> 


Use the dial-backup redial-delay command to configure the delay after an unsuccessful call until the call 
will be re-tried. Use the no form of this command to return to the default setting. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1326. 


Syntax Description 





<value> Specifies the delay (in seconds) between attempting to redial a failed 
backup attempt. Valid range is 10 to 3600 seconds. 


Default Values 





By default, the dial-backup redial-delay period is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example configures a redial delay of 25 seconds on this endpoint: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup redial-delay 25 
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dial-backup restore-delay <va/ue> 


Use the dial-backup restore-delay command to configure the amount of time the router will wait after the 
network is restored before disconnecting the backup link and reverting to the primary. This setting is used 
to prevent disconnecting the backup link if the primary link is bouncing in and out of alarm. Use the no 
form of this command to return to the default setting. For more detailed information on dial-backup 
functionality, refer to the Functional Notes and Technology Review sections of the command dial-backup 
call-mode on page 1326. 


Syntax Description 





<value> Specifies the number of seconds AOS will wait (after a primary link is 
restored) before disconnecting dial-backup operation. Range is 10 to 
86,400 seconds. 


Default Values 





By default, the dial-backup restore-delay period is set to 10 seconds. 


Command History 


Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example configures AOS to wait 30 seconds before disconnecting dial-backup operation and 
restoring the primary connection for this endpoint: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup restore-delay 30 
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dial-backup schedule 


Use the dial-backup schedule command to set the time of day that backup will be enabled. Use this 
command if backup is desired only during normal business hours and on specific days of the week. Use the 
no form of this command to disable dial backup (as specified). For more detailed information on 
dial-backup functionality, refer to the Functional Notes and Technology Review sections of the command 
dial-backup call-mode on page 1326. Variations of this command include: 


dial-backup schedule day <name> 
dial-backup schedule enable-time <value> 
dial-backup schedule disable-time <va/ue> 


Syntax Description 


day <name> Sets the days to allow backup. Valid range is Monday through Sunday. 

enable-time <va/ue> Sets the time of day to enable backup. Time is entered in a 24-hour format 
(00:00). 

disable-time <value> Sets the time of day to disable backup. Time is entered in a 24-hour format 
(00:00). 


Default Values 





By default, dial backup is enabled for all days and times if the dial-backup auto-backup command has 
been issued and the dial-backup schedule has not been entered. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example enables dial backup Monday through Friday 8:00 a.m. to 7:00 p.m.: 


(config)#interface atm 1.1 

(config-atm 1.1)#dial-backup schedule enable-time 08:00 
(config-atm 1.1)#dial-backup schedule disable-time 19:00 
(config-atm 1.1)#no dial-backup schedule day Saturday 
(config-atm 1.1)#no dial-backup schedule day Sunday 
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dial-backup shutdown 


Use the dial-backup shutdown command to deactivate all dial-backup functionality in the unit. 
Dial-backup configuration parameters are kept intact, but the unit will not initiate (or respond) to 
dial-backup sequences in the event of a network outage. Use the no form of this command to reactivate the 
dial-backup interface. For more detailed information on dial-backup functionality, refer to the Functional 
Notes and Technology Review sections of the command dial-backup call-mode on page 1326. 


Syntax Description 





No subcommanads. 


Default Values 





By default, all AOS interfaces are disabled. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example deactivates the configured dial-backup interface: 


(config)#interface atm 1.1 
(config-atm 1.1)#dial-backup shutdown 
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dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the host name for the server that updates the dynamic domain 
name server (DNS). 


<minutes> Specifies the intervals in minutes to update the server with information 
(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


Refer to Functional Notes below for additional argument descriptions. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNSSM service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
you to manage IP address mappings (A records), domain aliases (CNAME records), and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services, Inc. (DynDNS.org) allows you to 
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more 
easily accessed from various locations on the Internet. This service is provided for up to five host names. 


dyndns-custom - DynDNS.org's Custom DNSS™ service provides a full DNS solution, giving you 
complete control over an entire domain name. A Web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 


A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for most common configurations and allows for easy creation of most common record types. 
The advanced interface is designed for system administrators with a solid DNS background, and provides 
layout and functionality similar to a BIND zone file allowing for the creation of nearly any record type. 
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Custom DNSSM can be used with both static and dynamic IPs, and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSSM service in that it 
allows a host name, such as yourname.dyndns.org, to point to your IP address. Unlike a Dynamic DNS 
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to 
propagate through the DNS system. This service is provided for up to five host names. 


If your IP address does not change often or at all, but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
that also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the Dynamic DNS to dyndns-custom with host name host, user name user, 
and password pass: 


(config)#interface atm 1.1 
(config-atm 1.1)#dynamic-dns dyndns-custom host user pass 
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encapsulation 


Use the encapsulation command to configure the encapsulation type for the ATM Adaption Layer (AAL) 
of the ATM Protocol Reference Model. Use the no form of this command to return to the default setting. 
Variations of this command include: 


encapsulation aal5mux ip 
encapsulation aal5mux ppp 
encapsulation aal5snap 


Syntax Description 





aal5mux ip Specifies encapsulation type for multiplexed virtual circuits using the IP 
protocol. 

aal5bmux ppp Specifies encapsulation type for multiplexed virtual circuits using the 
Point-to-Point Protocol (PPP). 

aal5snap Specifies encapsulation type that supports LLC/SNAP protocols. 


Default Values 





By default, the encapsulation type is aalbsnap. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





For PPP and Point-to-Point Protocol over Ethernet (PPoE), the encapsulation type can be aal5snap or 
aal5mux ppp. For IP with no bridging, the encapsulation type can be aal5snap or aal5mux ip. For IP with 
bridging, the encapsulation type can only be aal5snap. For bridging, the encapsulation type can only be 
aal5snap. 


Usage Examples 





The following example sets the encapsulation type to aal5snap: 


(config)#interface atm 1.1 
(config-atm 1.1)#encapsulation aal5snap 
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fair-queue 


Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of 
this command to disable WFQ and enable first in, first out (FIFO) queueing for an interface. WFQ is 
enabled by default for WAN interfaces. Variations of this command include: 


fair-queue 
fair-queue <value> 


Syntax Description 





<value> Optional. Value that specifies the maximum number of packets that can be 
present in each conversation subqueue. Packets received for a 
conversation after this limit is reached are discarded. Range is 16 to 
512 packets. 


Default Values 





By default, fair-queue is enabled with a threshold of 64 packets. 


Command History 


Release 5.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 
The following example enables WFQ on the interface with a threshold set at 100 packets: 


(config)#interface atm 1.1 
(config-atm 1.1)#fair-queue 100 
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hold-queue <va/ue> out 


Use the hold-queue out command to change the overall size of an interface's WAN output queue. Use the 
no form of this command to return to the default settings. 


Syntax Description 


<value> The total number of packets the output queue can contain before packets 
are dropped. Range is 16 to 1000 packets. 


Default Values 





The default queue size for weighted fair queuing (WFQ) is 400. The default queue size for Point-to-Point 
Protocol (PPP) first in, first out (FIFO) and Frame Relay round-robin is 200. 


Command History 





Release 5.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example sets the overall output queue size to 700: 


(config)#interface atm 1.1 
(config-atm 1.1)#hold-queue 700 out 
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ip access-group <name> 


Use the ip access-group command to create an access control list (ACL) to be used for packets transmitted 
on or received from the specified interface. Use the no form of this command to disable this type of 
control. Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Specifies the assigned IP ACL name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 





The following example sets up the router to only allow Telnet traffic into the ATM subinterface: 


config)#ip access-list extended TelnetOnly 
config-ext-nacl)#permit tcp any any eq telnet 
config-ext-nacl)#interface atm 1.1 

config-atm 1.1)#ip access-group TelnetOnly in 


aN aN 
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ip address dhcp 


Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an 
address on the interface. Use the no form of this command to remove a configured IP address (using 
DHCP) and disable DHCP operation on the interface. Variables that may be used with this command to 
further define the DHCP configuration include: 


ip address dhcp client-id [<interface> | <identifier>] [hostname <‘string’>] [track <name>] 
[<administrative distance>] 

ip address dhcp hostname <‘“string’> [no-default-route | no-domain-name | no-nameservers] 
[track <name>] [<administrative distance>] 

ip address dhcp [no-default-route | no-domain-name | no-nameservers] [track <name>] 
[<administrative distance>] 

ip address dhcp track <name> [<administrative distance>] 


Syntax Description 





<administrative distance> Optional. Specifies the administrative distance to use when adding the 
DHCP gateway into the route table. It is used to determine the best route 
when multiple routes to the same destination exist. The smaller the 
administrative distance, the more reliable the route. Range is 1 to 255. 


client-id Optional. Specifies the client identifier used when obtaining an IP address 
from a DHCP server. 


<interface> Specifies an interface, thus defining the client identifier as the hexadecimal 
MAC address of the specified interface (including a hexadecimal number 
added to the front of the MAC address to identify the media type). 


For example, specifying the client-id ethernet 0/1 (where the Ethernet 
interface has a MAC address of d217.0491.1150) defines the client 
identifier as 01:d2:17:04:91:11:50 (where 01 defines the media type as 
Ethernet). Refer to hardware-address on page 2550 for a detailed listing of 
media types. 

<identifier> Specifies a custom client-identifier using a text string (that is converted to a 
hexadecimal equivalent) or 7 to 28 hexadecimal numbers (with colon 
delimiters). 
For example, a custom client identifier of Of:ff:ff:ff:ff:51 :04:99:a1 may be 
entered using the <identifier> option. 

hostname <‘“string’> Optional. Specifies a text string (to override the global router name) to use 
as the name in the DHCP option 12 field. The string is enclosed in quotation 
marks and can consist of up to 35 characters. 


no-default-route Optional. Specifies that no default route is obtained via DHCP. 
no-domain-name Optional. Specifies that no domain name is obtained via DHCP. 
no-nameservers Optional. Specifies that no DNS servers are obtained via DHCP. 

track <name> Optional. Attaches a network monitoring track to the DHCP client. The 


DHCP gateway route for this client will only reside in the route table while 
the track is in the pass state. For more information on configuring track 
objects, refer to track <name> on page 947. 
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Default Values 





<administrative distance> 
client-id 


hostname <‘“string’> 


Command History 


Release 2.1 
Release 8.1 
Release 13.1 


By default, the administrative distance value is 1. 

Optional. By default, the client identifier is populated using the following 
formula: 

TYPE: INTERFACE SPECIFIC INFO : MAC ADDRESS 

Where TYPE specifies the media type in the form of one hexadecimal byte 
(refer to hardware-address on page 2550 for a detailed listing of media 
types), and the MAC ADDRESS is the media access control (MAC) address 
assigned to the first Ethernet interface in the unit in the form of six 
hexadecimal bytes. (For units with a single Ethernet interface, the MAC 
ADDRESS assigned to Ethernet 0/1 is used in this field). 


INTERFACE SPECIFIC INFO is only used for Frame Relay interfaces and 
can be determined using the following: 


FR_PORT#: Q.922 ADDRESS 


Where the FR_PORT# specifies the label assigned to the virtual Frame 
Relay interface using four hexadecimal bytes. For example, a virtual Frame 
Relay interface labeled 1 would have a FR_PORT# of 00:00:00:01. 


The Q.922 ADDRESS field is populated using the following: 


8 7 6 5 4 3 2 


DLCI (high order) C/R| EA 

















DLCI (lower) | FECN BECN DE | EA 





Where the FECN, BECN, C/R, DE, and high order extended address (EA) 
bits are assumed to be 0 and the lower order EA bit is set to 1. 


The following list provides a few example DLCls and associated Q.922 
address: 
DLCI (decimal) / Q.922 address (hex) 

16 / 0x0401 

50 / 0x0C21 

60 / Ox0CC1 

70 / 0x1061 

80 / 0x1401 


By default, the host name is the name configured using the Global 
Configuration hostname command. 


Command was introduced. 
Command was expanded to include ATM subinterface. 
Command was expanded to include track and administrative distance. 
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Functional Notes 





DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on 
the network. Many Internet Service Providers (ISPs) require the use of DHCP when connecting to their 
services. Using DHCP reduces the number of dedicated IP addresses the ISP must obtain. Consult your 
ISP to determine the proper values for the client-id and hostname fields. 


Usage Examples 





The following example enables DHCP operation on the ATM subinterface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip address dhcp 


The following example enables DHCP operation on the ATM subinterface 1.1 utilizing host name adtran 
and does not allow obtaining a default route, domain name, or nameservers. It also sets the administrative 
distance as 5: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip address dhcp hostname “adtran” no-default-route no-domain-name 
no-nameservers 5 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the optional 
secondary keyword to define a secondary IP address. Use the no form of this command to remove a 
configured IP address. Variations of this command include: 


ip address <ip address> <subnet mask> 
ip address <i/p address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 


By default, there are no assigned IP addresses. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





Use secondary IP addresses to allow dual subnets on a single interface (when you need more IP 
addresses than the primary subnet can provide). When using secondary IP addresses, avoid routing loops 
by verifying that all devices on the network segment are configured with secondary IP addresses on the 
secondary subnet. 


Usage Examples 
The following example configures a secondary IP address of 192.22.72.101 255.255.255.252: 





(config)#interface atm 1.1 
(config-atm 1.1)#ip address 192.22.72.101 255.255.255.252 secondary 
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ip dhcp 


Use the ip dhcp command to release or renew the Dynamic Host Configuration Protocol (DHCP) IP 
address. This command is only applicable when using DHCP for IP address assignment. Variations of this 
command include: 


ip dhcp release 
ip dhcp renew 


Syntax Description 





release Releases DHCP IP address. 
renew Renews DHCP IP address. 


Default Values 





No default values are required for this command. 


Command History 





Release 3.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example releases the IP DHCP address for the ATM subinterface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip dhcp release 
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ip directed-broadcast 


Use the ip directed-broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this feature. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list (ACL) name. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an ACL with this 
command. In this case, only directed broadcasts that are permitted by the specified ACL will be forwarded, 
and all other directed broadcasts directed to this interface subnet will be dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC 1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC 2644), with the intended goal of reducing the efficacy of certain types of 
denial-of-service (DoS) attacks. 
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Usage Examples 





The following example enables forwarding of directed broadcasts on the interface atm 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip directed-broadcast 
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ip ffe 


Use the ip ffe command to enable the RapidRoute Engine (formerly FFE) on this interface with the default 
number of entries. Use the no form of this command to disable the FFE. Variations of this command 
include: 


ip ffe 
ip ffe max-entries <entries> 





‘one Issuing this command will cause all FFE entries on this interface to be cleared. 





Syntax Description 





max-entries <entries> Optional. Specifies the maximum number of entries stored in the flow table. 
Valid range is from 1 to 8192. 


Default Values 





By default, the FFE is disabled. The default number of max-entries is 4096. 


Command History 


Release 13.1 Command was introduced. 


Functional Notes 





The FFE can be used to help reduce routing overhead, and thus reduce overall routing times. Routing 
times are reduced by the creation of a flow table on the ingress interface. The maximum number of entries 
that can be stored in the flow table at any one time may be specified by using the max-entries 
subcommand. When features such as firewall, VPN, and static filters are enabled, routing time reduction 
may not be realized. 


Usage Examples 





The following example enables the FFE and sets the maximum number of entries in the flow table to 50: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip ffe max-entries 50 


Technology Review 





The RapidRoute system goal is to increase IP packet throughput by moving as much of the packet 
processing into the engine as possible. Packets are classified into flows based upon the IP protocol (TCP, 
UDP, ICMP, etc.), the source and destination IP addresses, IP TOS, and the protocol-specific information, 
such as the source and destination port numbers. Flows are defined as the unidirectional representation of 
a conversation between two IP hosts. Each ingress interface keeps its own flow table, a collection of flow 
entries. 
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The first packet in a flow that is forwarded through the unit will build a flow entry. When a flow entry is 
looked up, but no entry is found, a RapidRouteBuilder object is allocated and attached to the packet. As 
the packet passes through the various processing layers, each subsystem will add processing to the 
RapidRouteBuilder. When the packet is about to be forwarded out of the egress interface, the 
RapidRouteBuilder will be finalized. That is, the flow entry being built will be checked for completeness and 
committed to the flow table on the ingress interface. Subsequent flow matches can then bypass the normal 
processing layers. 
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ip flow 


Use the ip flow command to enable integrated traffic monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of this command to disable traffic monitoring. Variations of 
this command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Default Values 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables traffic monitoring on an atm subinterface to monitor incoming traffic 
through an ACL called myacl: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip flow ingress myacl 
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ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





The ip helper command must be used in conjunction with the ip forward-protocol 
‘ore command to configure AOS to forward UDP broadcast packets. Refer to ip 
forward-protocol udp <value> on page 724 for more information. 





Syntax Description 





<ijp address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 


When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign an address(es) (specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 
1. The packet IP protocol is UDP. 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 


4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248 /30 subnet). 
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Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


(config)#ip forward-protocol udp domain 
(config)#interface atm 1.1 
(config-atm 1.1)#ip helper-address 192.33.5.99 
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ip igmp 
Use the ip igmp command to configure multicasting-related functions for the interface. Variations of this 
command include: 


ip igmp immediate-leave 

ip igmp last-member-query-interval <milliseconds> 
ip igmp querier-timeout <seconds> 

ip igmp query-interval <seconds> 

ip igmp query-max-response-time <seconds> 

ip igmp static-group <address> 

ip igmp version [1 | 2] 


Syntax Description 


immediate-leave Specifies that if only one host (or Internet Group Management Protocol 
(IGMP) snooping switch) is connected to the interface, when a leave is 
received, multicast of that group is immediately terminated as opposed 
to sending a group query and timing out the group if no device responds. 
Works in conjunction with ip igmp last-member-query-interval. 
Applies to all groups when configured. Use the no form of this command 
to disable the immediate-leave feature. 


last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group 

<milliseconds> receivers remain on an interface after a receiver leaves a group. Ifa 
receiver sends a leave-group message (IGMP Version 2), the router 
sends a group-specific query on that interface. After twice the time 
specified by this command plus as much as one second longer, if no 
receiver responds, the router removes that interface from the group and 
stops sending that group's multicast packets to the interface. Range is 
100 to 65,535 ms. Use the no form of this command to return to the 
default setting. 


querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current 
querier’s last query before it takes over as querier (IGMP Version 2). 
Range is 60 to 300 seconds. Use the no form of this command to return 
to the default setting. 


query-interval Specifies the interval (in seconds) at which IGMP queries are sent on an 

<seconds> interface. Host query messages are addressed to the all-hosts multicast 
group with an IP TTL of 1. The router uses queries to detect whether 
multicast group members are on the interface and to select an IGMP 
designated router for the attached segment (if more than one multicast 
router exists). Only the designated router for the segment sends queries. 
For IGMP Version 2, the designated router is the router with the lowest 
IP address on the segment. Range is 0 to 65,535 seconds. Use the no 
form of this command to return to the default setting. 

query-max-response-time Specifies the maximum response time (in seconds) advertised by this 

<seconds> interface in queries when using IGMP Version 2. Hosts are allowed a 
random time within this period to respond, reducing response bursts. 
Use the no form of this command to return to the default setting. 
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Syntax Description 





static-group <address> 


version [1 | 2] 


Default Values 


Configures the router's interface to be a statically connected member of 
the specified group. Packets received on the correct RPF interface are 
forwarded to this interface regardless of whether any receivers have 
joined the specified group using IGMP. Use the no form of this command 
to remove a configured static group. 


Sets the interface’s IGMP version. Use the no form of this command to 
return to the default setting. 





ip igmp immediate-leave No default 

ip igmp last-member-query-interval 1000 milliseconds 

ip igmp querier-timeout 2x the query-interval value 
ip igmp query-interval 60 seconds 

ip igmp query-max-response-time 10 seconds 

ip igmp static-group No default 

ip igmp version Version 1 


Command History 





Release 7.1 
Release 8.1 


Usage Examples 


Command was introduced. 
ATM subinterface was added. 





The following example sets the query message interval on the interface to 200 milliseconds: 


(config)#interface atm 1.1 


(config-atm 1.1)#ip igmp last-member-query-interval 200 
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ip mcast-stub downstream 
Use the ip mcast-stub downstream command to enable multicast forwarding and Internet Group 


Management Protocol (IGMP) (router mode) on an interface and place it in multicast stub downstream 
mode. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments 
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces 
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces 
configured as downstream should have the lowest IP address of all IGMP-capable routers on the 
connected segment in order to be selected as the designated router and ensure proper forwarding. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub upstream on page 1363 for 
more information. 


Usage Examples 





The following example enables multicast forwarding and IGMP on the interface: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip mcast-stub downstream 
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ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the ip igmp static-group <address> command to receive multicast traffic without host-initiated Internet 
Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all host-initiated IGMP 
transactions will enter multicast routes on the router’s interface involved with IGMP activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#interface atm1.1 
(config-atm 1.1)#ip mcast-stub fixed 
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ip mcast-stub helper-enable 
Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the 


Internet Group Management Protocol (IGMP) proxy. Use the no form of this command to disable this 
feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled, 
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and 
the interface becomes the active upstream interface, enabling the router to perform as an IGMP proxy. 
Refer to jo mcast-stub helper-address <ip address> on page 741, ip mcast-stub downstream on page 
1360, and ip mcast-stub upstream on page 1363 for more information. 


Usage Examples 





The following example sets the helper address as the IGMP proxy: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip mcast-stub helper-enable 
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ip mcast-stub upstream 


Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in 
multicast stub upstream mode. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a 
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the 
router's unicast route table, the Internet Group Management Protocol (IGMP) host function is dynamically 
enabled and the interface becomes the active upstream interface, enabling the router to perform as an 
IGMP proxy. Though multiple interfaces may be candidates, no more than one interface will actively serve 
as the helper forwarding interface. Refer to jo mcast-stub helper-address <ip address> on page 741 and ip 
mcast-stub downstream on page 1360 for more information. 


Usage Examples 





The following example enables multicast forwarding on the interface: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip mcast-stub upstream 
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ip ospf 


Use the ip ospf command to customize open shortest path first (OSPF) settings (if needed). Use the no 
form of these commands to return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


retransmit-interval <seconds> 
transmit-delay <seconds> 
hello-interval <seconds> 
dead-interval <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 
Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 

1 to 65,535. 

Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 

32,767 seconds. 

Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 32,767 seconds. 

Configures OSPF message digest 5 (MD5) authentication 
(16-byte max) keys. 

Sets the OSPF priority. The value set in this field helps 
determine the designated router for this network. Range is 

0 to 255. 

Specifies the interval (in seconds) between link state 
advertisements (LSAs). Range is 0 to 32,767 seconds. 

Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 32,767 seconds. 


5 seconds 

1 second 

10 seconds: Ethernet, point-to-point, Frame Relay, and PPP 
40 seconds 
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Command History 





Release 3.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example sets the maximum number of seconds allowed between hello packets to 25,000: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip ospf dead-interval 25000 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing open shortest path 
first (OSPF) authentication. Use the no form of this command to return to the default setting. Variations of 
this command include: 


ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Specifies message-digest authentication type. 
null Optional. Specifies that no authentication be used. 


Default Values 





By default, this is set to null (meaning no authentication is used). 


Command History 





Release 3.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example specifies that no authentication will be used on the ATM subinterface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Sets the network type for broadcast. 
point-to-point Sets the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. Point-to-Point Protocol (PPP) and Frame Relay default to 
point-to-point. 


Command History 





Release 3.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





A point-to-point network will not elect designated routers. 


Usage Examples 





The following example designates a broadcast network type: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip ospf network broadcast 
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ip pim sparse-mode 


Use the ip pim sparse-mode command to enable protocol-independent multicast (PIM) sparse mode for 
this interface. Use the no form of this command to disable PIM sparse mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, PIM sparse mode for this interface is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





PIM sparse mode is a multicast routing protocol that makes use of the unicast forwarding table. It builds 
unidirectional shared trees rooted at a rendezvous point (RP) for a multicast group or a shortest-path tree 
rooted at a specific source for a multicast group. 


Usage Examples 





The following example enables PIM sparse mode on the interface: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip pim sparse-mode 
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ip pim-sparse dr-priority <va/ue> 
Use the ip pim-sparse dr-priority command to specify the priority for the designated router (DR). This 


command modifies the router’s priority in the DR election process. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Specifies the priority of this interface (to be used when determining the DR). 
Valid range is 1 to 4,294,967,295. 


Default Values 





By default, the priority of all PIM interfaces is 1. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Interfaces advertise their configured priority values in the hello messages transmitted on the interface. 
Routers use the priority values to determine the appropriate DR. The router on the network segment with 
the highest priority is selected as the DR. If a hello message is received on the interface from a router on 
the network segment and it does not contain a priority, the entire network segment defaults to DR selection 
based on IP addresses instead of priority. In this instance, the DR is selected as the router on the network 
segment that has the highest IP address. AOS will always include a priority in all transmitted hello 
messages. If no priority is specifically designated by the user, the priority is set as the default of 1. 


Usage Examples 





The following example specifies a priority of 100 on the ATM subinterface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip pim-sparse dr-priority 100 
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ip pim-sparse hello-timer <va/ue> 
Use the ip pim-sparse hello-timer command to specify protocol-independent multicast (PIM) sparse hello 


timer period. This is the time interval at which periodic hellos are sent out on all interfaces of a 
PIM-capable router. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the interval (in seconds) at which periodic hellos are sent out of 
the interface. Valid range is 10 to 3600 seconds. 


Default Values 





By default, the hellos are transmitted on PIM interfaces every 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Hello messages are used to inform neighbors of a router’s presence. Hello messages normally generate a 
small amount of traffic on an interface. Setting the hello-timer to a small interval increases the number of 
hellos sent (thus increasing the amount of traffic). Set the hello-timer to a reasonable value, taking into 
consideration the bandwidth available on the interface. 


Usage Examples 





The following example specifies hellos be sent on the ATM subinterface 1.1 every 3600 seconds: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip pim-sparse hello-timer 3600 
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ip pim-sparse nbr-timeout <va/ue> 
Use the ip pim-sparse nbr-timeout command to specify protocol-independent multicast (PIM) sparse 


neighbor timeout. This is the time interval after which a PIM-capable router will consider a neighbor not 
present. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the time interval in seconds after which a neighbor is considered 
not present. Valid range is 30 to 10,800 seconds. 


Default Values 





By default, the nbr-timeout is set to 105 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the nbr-timeout to 300 seconds: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip pim-sparse nbr-timeout 300 
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ip pim-sparse override-interval <va/ue> 
Use the ip pim-sparse override-interval command to specify the protocol-independent multicast (PIM) 


sparse join/prune override interval. This delay interval is the period after a join/prune that another router on 
the LAN may override a join/prune. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the delay time in milliseconds. Valid range is 0 to 
65,535 milliseconds. 


Default Values 





By default, the override interval is set to 2500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the override interval to 3000 milliseconds: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip pim-sparse override-interval 3000 
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ip pim-sparse propagation-delay <va/ue> 
Use the ip pim-sparse propagation-delay command to specify the expected propagation delay for 


join/prune messages. Set the propagation delay (in milliseconds) to estimate the amount of delay found in 
the local link. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the expected propagation delay in the local link in milliseconds. 
Valid range is 0 to 32,767 milliseconds. 


Default Values 





By default, the propagation delay is set to 500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the propagation delay to 300 milliseconds: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip pim-sparse propagation-delay 300 
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ip policy route-map <name> 


Use the ip policy route-map command to assign a policy route map to this interface. Use the no form of 
this command to remove the route-map policy. 


Syntax Description 


<name> Specifies the name of the policy route map to assign to this interface. 


Default Values 





By default, no policy route map is assigned to this interface. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example assigns the policy route map policy1 to the ATM subinterface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip policy route-map policy1 
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ip proxy-arp 


Use the ip proxy-arp to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no 
form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field 
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy ARP is enabled, AOS will respond to all proxy ARP requests with its specified media access 
control (MAC) address and forward packets accordingly. 


Enabling proxy ARP on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following enables proxy ARP on the ATM subinterface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip proxy-arp 
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ip rip receive version 


Use the ip rip receive version command to configure the Routing Information Protocol (RIP) version the 
unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Accepts only received RIP version 1 packets on the interface. 
2 Accepts only received RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





Use the ip rip receive version to specify a RIP version that will override the version (in the Router RIP) 
configuration. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the ATM subinterface 1.1 to accept only RIP version 2 packets: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the Routing Information Protocol (RIP) version the 
unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Transmits only RIP version 1 packets on the interface. 
2 Transmits only RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





Use the ip rip send version to specify a RIP version that will override the version (in the Router RIP) 
configuration. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the ATM subinterface 1.1 to transmit only RIP version 2 packets: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip rip send version 2 
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ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip rip summary-address 10.10.123.0 255.255.255.0 
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ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


WOE Using network address translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP 
route-cache is enabled for all virtual Point-to-Point (PPP) interfaces. 


Command History 





Release 2.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





Fast switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast switching on the ATM subinterface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip route-cache 
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ip unnumbered </nterface> 
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP 


processing on the active interface. Use the no form of this command to remove the unnumbered 
configuration. 


Syntax Description 





<interface> Specifies the interface that contains the IP address to use as the source 

address for all packets transmitted on this interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
aT1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip unnumbered ? 
for a list of valid interfaces. 


Default Values 





By default, all interfaces are configured to use a specified IP address (using the ip address commana). 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address 
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the Frame 
Relay Subinterface Configuration mode configures the Frame Relay subinterface to use the IP address 
assigned to the Ethernet interface for all IP processing. In addition, AOS uses the specified interface 
information when sending route updates over the unnumbered interface. 


Usage Examples 





The following example configures the ATM subinterface 1.1 to use the IP address assigned to the Ethernet 
interface (eth 0/1): 


(config)#interface atm 1.1 
(config-atm 1.1)#ip unnumbered eth 0/1 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a universal resource locator (URL) filter to the interface for all 
inbound or outbound traffic. Use the no form of this command to remove the URL filter from an interface. 
Variations of this command include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <name> http command before applying it to the interface. Refer 
to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Examples 





The following example performs URL filtering on all traffic entering through the ATM subinterface 1.1 and 
matches the URL filter named MyFilter: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip urlfilter MyFilter in 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VPN routing and forwarding 
(VRF) instance. Use the no form of this command to remove the interface from the named VRF instance 
and assign it to the unnamed default VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP-related 
uT settings on that interface. 
vA 


Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF that is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF, but multiple interfaces can be assigned to the same VRFF. 


An interface will only forward IP traffic that matches its associated VRF. 


VRF on AOS products allows a single physical router to be partitioned into multiple virtual routers. Each 
router instance has its own route table and interface assignments. Beginning with Release 16.1, all AOS 
routers supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless 
of whether multi-VRF is configured. 


Usage Examples 


The following example assigns the atm 1.1 interface to the VRF instance named RED: 


(config)#interface atm 1.1 
(config-atm 1.1)#ip vrf forwarding RED 
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max-reserved-bandwidth <va/ue> 


Use the max-reserved-bandwidth command to specify the percentage of interface bandwidth reserved for 
use in user-defined (priority or class-based) queues. The remainder of the interface bandwidth is reserved 
for system-critical traffic and is not available to user-defined queues. Use the no form of this command to 
restore the default values. 





proper operation. Specifying the entire interface bandwidth for use in user-defined queues 
can cause undesirable operation. 


Reserving a portion of the interface bandwidth for system-critical traffic is necessary for 
cmon 





Syntax Description 





<value> Specifies the maximum percentage of bandwidth to reserve for quality of 
service (QoS). This setting is configured as a percentage of the total 
interface speed. Range is 1 to 100 percent. 


Default Values 





By default, max-reserved-bandwidth is set to 75 percent, which reserves 25 percent of the interface 
bandwidth for system-critical traffic. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies 85 percent bandwidth on the ATM subinterface to be available for use in 
user-defined queues: 


(config)#interface atm 1.1 
(config-atm 1.1)#max-reserved-bandwidth 85 
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media-gateway ip 


Use the media-gateway ip command to associate an IP address source to use for Realtime Transport 
Protocol (RTP) traffic. When configuring Voice over Internet Protocol (VoIP), RTP traffic needs an IP 
address to be associated with it. However, some interfaces allow dynamic configuration of IP addresses, 
and thus, this value could change periodically. Use the no form of these commands to disable these 
functions. Variations of this command include: 


media-gateway ip loopback <ip address> 
media-gateway ip primary 
media-gateway ip secondary </p address> 


Syntax Description 


loopback <ip address> Use an IP address statically defined to a loopback interface. Helpful when 
using a single IP address across multiple WAN interfaces for RTP traffic. IP 
addresses should be expressed in dotted decimal notation (for example, 


10.10.10.1). 

primary Use the IP address that is configured as primary on this interface. Applies to 
static, Dynamic Host Configuration Protocol (DHCP), or negotiated 
addresses. 

secondary <ip address> Use the statically defined secondary IP address of this interface to be used 


for RTP traffic. IP addresses should be expressed in dotted decimal 
notation (for example, 10.10.10.1). 


Default Values 


By default, media-gateway ip is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 


The following example configures the unit to use the primary IP address for RTP traffic: 


(config)#interface atm 1.1 
(config-atm 1.1)#media-gateway ip primary 
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mtu <size> 


Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use 
the no form of this command to return to the default value. 


Syntax Description 


<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





Open shortest path first (OSPF) will not become adjacent on links where the MTU sizes do not match. If 
router A and router B are exchanging hello packets, but their MTU sizes do not match, they will never 
reach adjacency. This is by design and required by the RFC. 
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Usage Examples 





The following example specifies an MTU of 1200 on the ATM subinterface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#mtu 1200 
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oam retry 


Use the oam retry command to configure parameters related to operation, administration, and 
maintenance (OAM) management for an asynchronous transfer mode (ATM) interface. Use the no form of 
this command to disable OAM management parameters. Variations of this command include: 


oam retry 

oam retry <up value> 

oam retry <up value> <down value> 

oam retry <up value> <down value> <value> 


Syntax Description 





<up value> Optional. Specifies the number of consecutive end-to-end F5 OAM 
loopback cell responses that must be received in order to change a PVC 
connection state to up. Range is 1 to 255. 

<down value> Optional. Specifies the number of consecutive end-to-end F5 OAM 
loopback cell responses that are not received in order to change a PVC 
state to down. Range is 1 to 255. 

<value> Optional. Specifies the frequency (in seconds) that end-to-end F5 OAM 
loopback cells are transmitted when a change in the up/down state of a 
PVC is being verified. Range is 1 to 600 seconds. 


Default Values 





By default, the up-count is set to 3, the down-count is set to 5, and the retry frequency is 1. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example configures the OAM parameters with an up-count of 2, down-count of 2, and retry 
frequency of 10: 


(config)#interface atm 1.1 
(config-atm 1.1)#oam retry 2 2 10 
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oam-pvc managed 


Use the oam-pve managed command to enable end-to-end F5 operation, administration, and maintenance 
(OAM) loopback cell generation and OAM management for an asynchronous transfer mode (ATM) 
interface. Use the no form of this command to disable generation of OAM loopback cells. Variations of 
this command include: 


oam-pvc managed 
oam-pvc managed <value> 


Syntax Description 





<value> Optional. Specifies the time delay between transmitting OAM loopback 
cells. Range is 0 to 600 seconds. 


Default Values 





By default, the frequency is 1 second. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example enables OAM loopback cell generation with a frequency of 5 seconds: 


(config)#interface atm 1.1 
(config-atm 1.1)#oam-pvc managed 5 
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pve <VPI/VCI> 


Use the pve command to select the asynchronous transfer mode (ATM) virtual link for this subinterface. 
Use the no form of this command to remove the link. 


Syntax Description 


<VPI/VCI> Specifies the ATM network virtual path identifier (VPI) for this PVC. The VPI 
value range is 0 to 255, and the VCI value range is 32 to 65,535. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 


Usage Examples 





The following example sets the VPI to 8 and the VCI to 35: 


(config)#interface atm 1.1 
(config-atm 1.1)#pve 8/35 
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qos-policy 


Use the qos-policy command to apply a previously configured quality of service (QoS) map to incoming 
or outgoing packets on an interface. Use the no form of this command to remove the map from the 
interface. Variations of this command include: 


qos-policy in <name> 
qos-policy out <name> 


Syntax Description 





<name> Specifies the name of a previously created QoS map (refer to gos map 
<name> <number> on page 890 for more information). 

in Assigns a QoS map to this interface's input. 

out Assigns a QoS map to this interface's output. 


Default Values 





No default value is necessary for this command. 


Command History 


Release 6.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 
Release 15.1 Command was expanded to include in option. 


Functional Notes 





When a QoS policy is applied to an interface, it may be disabled if the interface bandwidth is not adequate 
to support the requested bandwidth on the map set. Once the bandwidth problem is resolved, the map will 
work again. The bandwidth will be rechecked on any of the following changes: 


1. A priority or class-based entry is added to, deleted from, or changed in a QoS map set. 

2. The interface bandwidth is changed by the bandwidth command on the interface. 

3. A QoS policy is applied to an interface. 

4. Across connect is created that includes an interface with a QoS policy. 

5. The interface queuing method is changed to fair-queue to use weighted fair queuing (WFQ). 
6. The interface operational status changes. 

7. The interface bandwidth changes for other reasons (e.g., when ADSL finishes training). 


In order to prevent the map from being disabled in cases of temporary inadequate bandwidth (e.g., a single 
link goes down in a dual T1 multilink configuration where the map requests more than one T1's worth of 
bandwidth), the QoS map uses the maximum theoretical bandwidth on an interface, not the actual 
bandwidth at that time. This actually helps QoS keep higher priority class-based traffic working better than 
best-effort traffic when the bandwidth drops. 
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Usage Examples 





The following example applies the QoS map VOICEMAP to the ATM subinterface 1.1: 


(config)#interface atm 1.1 
(config-atm 1.1)#qos-policy out VOICEMAP 
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spanning-tree bpdufilter 


Use the spanning-tree bpdufilter command to block bridge protocol data units (BPDUs) from being 
transmitted and received on this interface. To return to the default value, use the no form of this command. 
Variations of this command include: 


spanning-tree bpdufilter disable 
spanning-tree bpdufilter enable 


Syntax Description 


disable Disables the BPDU filter. 
enable Enables the BPDU filter. 





Default Values 





By default, this command is set to disable. 


Command History 





Release 5.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





The purpose of this command is to remove a port from participation in the spanning tree. This might be 
beneficial while debugging a network setup. It normally should not be used in a live network. 


Usage Examples 


The following example enables the BPDU filter on the interface: 


(config)#interface atm 1.1 
(config-atm 1.1)#spanning-tree bpdufilter enable 
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spanning-tree bpduguard 


Use the spanning-tree bpduguard command to block bridge protocol data units (BPDUs) from being 
received on this interface. To return to the default value, use the no form of this command. Variations of 
this command include: 


spanning-tree bpduguard disable 
spanning-tree bpduguard enable 


Syntax Description 


disable Disables the BPDU block. 
enable Enables the BPDU block. 





Default Values 





By default, this command is set to disable. 


Command History 





Release 5.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example enables the bpduguard on the interface: 


(config)#interface atm 1.1 
(config-atm 1.1)#spanning-tree bpduguard enable 
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spanning-tree edgeport 
Use the spanning-tree edgeport command to set this interface to be an edgeport. This command overrides 


the global setting (refer to spanning-tree edgeport default on page 932). Use the no form of this command 
to return to the default value. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is set to disable. 


Command History 





Release 5.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Usage Examples 





The following example configures the interface to be an edgeport: 

(config)#interface atm 1.1 

(config-atm 1.1)#spanning-tree edgeport 

An individual interface can be configured to not be considered an edgeport. For example: 
(config)#interface atm 1.1 

(config-atm 1.1)#spanning-tree edgeport disable 

or 


(config)#interface atm 1.1 
(config-atm 1.1)#no spanning-tree edgeport 
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spanning-tree link-type 


Use the spanning-tree link-type command to configure the spanning-tree protocol link type for an 
interface. To return to the default value, use the no form of this command. Variations of this command 
include: 


spanning-tree link-type auto 
spanning-tree link-type point-to-point 
spanning-tree link-type shared 


Syntax Description 





auto Determines link type by the port’s duplex settings. 
point-to-point Sets link type manually to point-to-point, regardless of duplex settings. 
shared Sets link type manually to shared, regardless of duplex settings. 


Default Values 





By default, a port is set to auto. 


Command History 


Release 5.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





This command overrides the default link-type setting determined by the duplex of the individual port. By 
default, a port configured for half-duplex is set to shared link type, and a port configured for full-duplex is 
set to point-to-point link type. Setting the link type manually overrides the default and forces the port to 
use the specified link type. Using the link-type auto command, restores the convention of determining link 
type based on duplex settings. 


Usage Examples 





The following example forces the link type to point-to-point, even if the port is configured to be half-duplex: 


(config)#bridge 1 protocol ieee 
(config)#interface atm 1.1 
(config-atm 1.1)#spanning-tree link-type point-to-point 


Technology Review 





Rapid transitions are possible in rapid spanning-tree protocol (RSTP) by taking advantage of point-to-point 
links (a port is connected to exactly one other bridge) and edge-port connections (a port is not connected 
to any additional bridges). Setting the link type to auto allows the spanning tree to automatically configure 
the link type based on the duplex of the link. Setting the link type to point-to-point allows a half-duplex link 
to act as if it were a point-to-point link. 
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spanning-tree path-cost <va/ue> 


Use the spanning-tree path-cost command to assign a cost to a bridge group that is used when computing 
the spanning-tree root path. To return to the default path-cost value, use the no form of this command. 


Syntax Description 


<value> Assigns a number to the bridge interface to be used as the path cost in 
spanning calculations. Valid range is 0 to 65,535. 


Default Values 





By default, the path-cost value is set to 19. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





The specified value is inversely proportional to the likelinood the bridge interface will be chosen as the root 
path. Set the path-cost value lower to increase the chance the interface will be the root. To obtain the most 
accurate spanning-tree calculations, develop a system for determining path costs for links and apply it to 
all bridged interfaces. 


Usage Examples 





The following example assigns a path cost of 100 for bridge group 17 on an ATM subinterface: 


(config)#interface atm 1.1 
(config-atm 1.1)#spanning-tree path-cost 100 


Technology Review 





Spanning-tree protocol provides a way to prevent loopback or parallel paths in bridged networks. Using the 
priority values and path costs assigned to each bridging interface, the spanning-tree protocol determines 
the root path and identifies whether to block or allow other paths. 
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spanning-tree port-priority <va/ue> 


Use the spanning-tree port-priority command to select the priority level of a port associated with a 
bridge. To return to the default bridge-group priority value, use the no version of this command. 


Syntax Description 


<value> Assigns a priority value for the bridge group; the lower the value, the higher 
the priority. Valid range is 0 to 255. 


Default Values 





By default, the bridge-group priority value is set to 128. 


Command History 





Release 1.1 Command was introduced. 
Release 8.1 ATM subinterface was added. 


Functional Notes 





The only time that this priority level is used is when two interfaces with a path to the root have equal cost. 
At that point, the level set in this command will determine which port the bridge will use. Set the priority 
value lower to increase the chance the interface will be used. 


Usage Examples 





The following example sets the maximum priority on the ATM subinterface labeled 1.1 in bridge 
group 17: 


(config)#interface atm 1.1 
(config-atm 1.1)#spanning-tree port-priority 0 
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BVI INTERFACE CONFIG COMMAND SET 


To activate the Bridged Virtual Interface (BVI) Configuration mode, first enable integrated routing and 
bridging via the bridge irb command (refer to bridge irb on page 630) at the Global Configuration mode 
prompt. For example: 


>enable 
#configure terminal 
(config)#bridge irb 


Next, enter the interface bvi command and a specific interface number that corresponds to an existing 
bridge group at the Global Configuration mode prompt. For example: 


(config)#bridge irb 
(config)#interface bvi 1 
(config-bvi 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1399 
bandwidth <value> on page 1400 

crypto map <name> on page 1401 
dynamic-dns on page 1403 

ip commands begin on page 1405 
mac-address <mac address> on page 1427 
max-reserved-bandwidth <value> on page 1428 
mtu <size> on page 1429 

qos-policy out <name> on page 1431 

rtp quality-monitoring on page 1432 
traffic-shape rate <value> on page 1433 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 

Release 6.1 Command was expanded to include VLAN interfaces. 

Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
BVI interface 1: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with BVI interface 1: 


(config)#interface bvi 1 
(config-bvi 1)#access-policy Private 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 
<value> Specifies bandwidth in kbps. Range is 1 to 4,294,967,295 kbps. 


Default Values 





To view default values, use the show interfaces command. 


Command History 





Release 3.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of BVI interface 1 to 10 Mbps: 


(config)#interface bvi 1 
(config-bvi 1)#bandwidth 10000 
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crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps that 
share the same name, but have different map index numbers. 








For virtual private network (VPN) configuration example scripts, refer to the VPN 
‘wore Configuration Guide located on the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Specifies the crypto map name that you wish to assign to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 4.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 


When configuring a system to use both the stateful inspection firewall and Internet key exchange (IKE) 
negotiation for VPN, keep the following notes in mind. 


When defining the policy class and associated access control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted), it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local side, 
unencrypted source of the data. The destination information will be the far end, unencrypted destination of 
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy 
class is the far end. The destination information is the local side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to BVI interface 1: 


(config)#interface bvi 1 
(config-bvi 1)#crypto map MyMap 
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dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the host name for the server that updates the dynamic domain 
name server (DNS). 


<minutes> Specifies the intervals in minutes to update the server with information 
(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case sensitive). 


<password> Specifies a password using an alphanumerical string up to 30 characters in 
length (the password is case sensitive). 


Refer to Functional Notes below for additional argument descriptions. 


Default Values 


No default value is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNSSM service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
you to manage IP address mappings (A records), domain aliases (CNAME records), and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services, Inc. (DynDNS.org) allows you to 
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more 
easily accessed from various locations on the Internet. This service is provided for up to five host names. 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1403 


Command Reference Guide BVI Interface Config Command Set 





dyndns-custom - DynDNS.org's Custom DNSSM service provides a full DNS solution, giving you 
complete control over an entire domain name. A Web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 


A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for most common configurations and allows for easy creation of most common record types. 
The advanced interface is designed for system administrators with a solid DNS background, and provides 
layout and functionality similar to a BIND zone file allowing for the creation of nearly any record type. 


Custom DNSS™ can be used with both static and dynamic IPs, and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSS™ service in that it 
allows a host name, such as yourname.dyndns.org, to point to your IP address. Unlike a Dynamic DNS 
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to 
propagate through the DNS system. This service is provided for up to five host names. 


If your IP address does not change often or at all, but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
that also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the Dynamic DNS to dyndns-custom with host name host, user name user, 
and password pass: 


(config)#interface bvi 1 
(config-bvi 1)}#dynamic-dns dyndns-custom host user pass 
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ip access-group <name> 


Use the ip access-group command to create an access control list (ACL) to be used for packets transmitted 
on or received from the specified interface. Use the no form of this command to disable this type of 
control. Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Specifies the IP ACL name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 





The following example sets up the router to only allow Telnet traffic into BVI interface 1: 


(config)#interface bvi 1 

(config)#ip access-list extended TelnetOnly 
(config-ext-nacl)#permit tcp any any eq telnet 
(config)#interface bvi 1 

(config-bvi 1)#ip access-group TelnetOnly in 
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ip address dhcp 


Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an 
address on the interface. Use the no form of this command to remove a configured IP address (using 
DHCP) and disable DHCP operation on the interface. Variables that may be used with this command to 
further define the DHCP configuration include: 


ip address dhcp client-id [<interface> | <identifier>] [hostname <‘string’>] [track <name>] 
[<administrative distance>] 

ip address dhcp hostname <‘“string’> [no-default-route | no-domain-name | no-nameservers] 
[track <name>] [<administrative distance>] 

ip address dhcp [no-default-route | no-domain-name | no-nameservers] [track <name>] 
[<administrative distance>] 

ip address dhcp track <name> [<administrative distance>] 


Syntax Description 





<administrative distance> Optional. Specifies the administrative distance to use when adding the 
DHCP gateway into the route table. It is used to determine the best route 
when multiple routes to the same destination exist. The smaller the 
administrative distance, the more reliable the route. Range is 1 to 255. 


client-id Optional. Specifies the client identifier used when obtaining an IP address 
from a DHCP server. 


<interface> Specifies an interface, thus defining the client identifier as the hexadecimal 
MAC address of the specified interface (including a hexadecimal number 
added to the front of the MAC address to identify the media type). 


For example, specifying the client-id ethernet 0/1 (where the Ethernet 
interface has a MAC address of d217.0491.1150) defines the client 
identifier as 01:d2:17:04:91:11:50 (where 01 defines the media type as 
Ethernet). Refer to hardware-address on page 2550 for a detailed listing of 
media types. 

<identifier> Specifies a custom client-identifier using a text string (that is converted to a 
hexadecimal equivalent) or 7 to 28 hexadecimal numbers (with colon 
delimiters). 
For example, a custom client identifier of Of:ff:ff:ff:ff:51:04:99:a1 may be 
entered using the <identifier> option. 

hostname <‘“string’> Optional. Specifies a text string (to override the global router name) to use 
as the name in the DHCP option 12 field. The string is enclosed in quotation 
marks and can consist of up to 35 characters. 


no-default-route Optional. Specifies that no default route is obtained via DHCP. 
no-domain-name Optional. Specifies that no domain name is obtained via DHCP. 
no-nameservers Optional. Specifies that no DNS servers are obtained via DHCP. 

track <name> Optional. Attaches a network monitoring track to the DHCP client. The 


DHCP gateway route for this client will only reside in the route table while 
the track is in the pass state. For more information on configuring track 
objects, refer to track <name> on page 947. 
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Default Values 





<administrative distance> By default, the administrative distance value is 1. 


client-id Optional. By default, the client identifier is populated using the following 
formula: 
TYPE: INTERFACE SPECIFIC INFO : MAC ADDRESS 
Where TYPE specifies the media type in the form of one hexadecimal byte 
(refer to hardware-address on page 2550 for a detailed listing of media 
types), and the MAC ADDRESS is the media access control (MAC) address 
assigned to the first Ethernet interface in the unit in the form of six 
hexadecimal bytes. (For units with a single Ethernet interface, the MAC 
ADDRESS assigned to Ethernet 0/1 is used in this field). 

hostname <‘“string’> By default, the host name is the name configured using the Global 
Configuration hostname command. 


Command History 





Release 2.1 Command was introduced. 

Release 8.1 Command was expanded to include ATM subinterface. 

Release 13.1 Command was expanded to include track and administrative distance. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on 
the network. Many Internet Service Providers (ISPs) require the use of DHCP when connecting to their 
services. Using DHCP reduces the number of dedicated IP addresses the ISP must obtain. Consult your 
ISP to determine the proper values for the client-id and hostname fields. 


Usage Examples 





The following example enables DHCP operation on virtual BVI interface 1: 


(config)#interface bvi 1 
(config-bvi 1)#ip address dhcp 


The following example enables DHCP operation on virtual BVI interface 1 utilizing hostname adtran and 
does not allow obtaining a default route, domain name, or nameservers. It also sets the administrative 
distance as 5: 


(config)#interface bvi 1 
(config-bvi 1)#ip address dhcp hostname “adtran” no-default-route no-domain-name 
no-nameservers 5 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the optional 
secondary keyword to define a secondary IP address. Use the no form of this command to remove a 
configured IP address. Variations of this command include: 


ip address <ip address> <subnet mask> 
ip address <i/p address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 


By default, there are no assigned IP addresses. 


Command History 





Release 1.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





Use secondary IP addresses to allow dual subnets on a single interface (when you need more IP 
addresses than the primary subnet can provide). When using secondary IP addresses, avoid routing loops 
by verifying that all devices on the network segment are configured with secondary IP addresses on the 
secondary subnet. 


Usage Examples 
The following example configures a secondary IP address of 192.22.72.101 255.255.255.252: 





(config)#interface bvi 1 
(config-bvi 1)#ip address 192.22.72.101 255.255.255.252 secondary 
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ip directed-broadcast 


Use the ip directed-broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this feature. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list (ACL) name. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


lf ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an ACL with this 
command. In this case, only directed broadcasts that are permitted by the specified ACL will be forwarded, 
and all other directed broadcasts directed to this interface subnet will be dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC 1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC 2644), with the intended goal of reducing the efficacy of certain types of denial of 
service (DoS) attacks. 
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Usage Examples 





The following example enables forwarding of directed broadcasts on BVI interface 1: 


(config)#interface bvi 1 
(config-bvi 1)#ip directed-broadcast 
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ip flow 


Use the ip flow command to enable integrated traffic monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of this command to disable traffic monitoring. Variations of 
this command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Default Values 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables traffic monitoring on a BVI to monitor incoming traffic through an ACL 
called myacl: 


(config)#interface bvi 1 
(config-bvi 1)#ip flow ingress myacl 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1411 


Command Reference Guide BVI Interface Config Command Set 





ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





The ip helper command must be used in conjunction with the ip forward-protocol 
‘ore command to configure AOS to forward UDP broadcast packets. Refer to ip 
forward-protocol udp <value> on page 724 for more information. 





Syntax Description 





<ijp address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 1.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 


When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign a helper-address(es) (specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 
1. The packet IP protocol is UDP. 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 


4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248 /30 subnet). 
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Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


config)#iinterface bvi 1 

config)#ip forward-protocol udp domain 
config)#interface bvi 1 

config-bvi 1)#ip helper-address 192.33.5.99 
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ip ospf 


Use the ip ospf command to customize open shortest path first (OSPF) settings (if needed). Use the no 
form of these commands to return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


dead-interval <seconds> 
hello-interval <seconds> 
retransmit-interval <seconds> 
transmit-delay <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 
Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 

1 to 65,535. 

Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 

65,535 seconds. 

Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 65,535 seconds. 

Configures OSPF message digest 5 (MD5) authentication 
(16-byte max) keys. 

Sets the OSPF priority. The value set in this field helps 
determine the designated router for this network. Range is 

0 to 255. 

Specifies the interval (in seconds) between link state 
advertisements (LSAs). Range is 0 to 65,535 seconds. 

Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 65,535 seconds. 


40 seconds 

10 seconds: Ethernet, point-to-point, BVI, Tunnel, and PPP 
5 seconds 

1 second 
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Command History 





Release 3.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Usage Examples 





The following example sets the maximum number of seconds allowed between hello packets to 25,000: 


(config)#interface bvi 1 
(config-bvi 1)#ip ospf dead-interval 25000 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing open shortest path 
first (OSPF) authentication. Use the no form of this command to return to the default setting. Variations of 
this command include: 


ip ospf authentication 
ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Selects message-digest authentication type. 
null Optional. Specifies that no authentication be used. 


Default Values 





By default, this is set to null (meaning no authentication is used). 


Command History 





Release 3.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Usage Examples 





The following example specifies that no authentication will be used on BVI interface 1: 


(config)#interface bvi 1 
(config-bvi 1)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Sets the network type for broadcast. 
point-to-point Sets the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. PPP and BVI default to point-to-point. 


Command History 


Release 3.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 


A point-to-point network will not elect designated routers. 


Usage Examples 





The following example designates a broadcast network type: 


(config)#interface bvi 1 
(config-bvi 1)#ip ospf network broadcast 
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ip policy route-map <name> 


Use the ip policy route-map command to assign a policy route map to this interface. Use the no form of 
this command to remove the route-map policy. 


Syntax Description 


<name> Specifies the name of the policy route map to assign to this interface. 


Default Values 





By default, no policy route map is assigned to this interface. 


Command History 





Release 11.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Usage Examples 





The following example assigns the policy route map policy1 to the interface: 


(config)#interface bvi 1 
(config-bvi 1)#ip policy route-map policy1 
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ip proxy-arp 


Use the ip proxy-arp to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no 
form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 1.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field 
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy ARP is enabled, AOS will respond to all proxy ARP requests with its specified MAC address and 
forward packets accordingly. 


Enabling proxy ARP on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following enables proxy ARP on BVI interface 1: 


(config)#interface bvi 1 
(config-bvi 1)#ip proxy-arp 
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ip rip receive version 


Use the ip rip receive version command to configure the Routing Information Protocol (RIP) version the 
unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Accepts only received RIP version 1 packets on the interface. 
2 Accepts only received RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





Use the ip rip receive version command to specify a RIP version that will override the version (in the 
Router RIP) configuration. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures a BVI interface to accept only RIP version 2 packets: 


(config)#interface bvi 1 
(config-bvi 1)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the Routing Information Protocol (RIP) version the 
unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Transmits only RIP version 1 packets on the interface. 
2 Transmits only RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





Use the ip rip send version to specify a RIP version that will override the version (in the Router RIP) 
configuration. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures a BVI interface to transmit only RIP version 2 packets: 


(config)#interface bvi 1 
(config-bvi 1)#ip rip send version 2 
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ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface bvi 1 
(config-bvi 1)#ip rip summary-address 10.10.123.0 255.255.255.0 
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ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


WOE Using network address translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-cache switching is enabled on all Ethernet and virtual BVI interfaces. IP route cache is 
enabled for all virtual Point-to-Point Protocol (PPP) interfaces. 


Command History 





Release 2.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





Fast switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast-cache switching on a BVI interface: 


(config)#interface bvi 1 
(config-bvi 1)#ip route-cache 
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ip unnumbered </nterface> 
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP 


processing on the active interface. Use the no form of this command to remove the unnumbered 
configuration. 


Syntax Description 





<interface> Specifies the interface that contains the IP address to use as the source 
address for all packets transmitted on this interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id]>. For example, for a T1 interface, use t1 0/1; for 
an Ethernet subinterface, use eth 0/1.1; fora PPP interface, use ppp 1; and 
for an ATM subinterface, use atm 1.1. Type ip unnumbered ? for a list of 
valid interfaces. 


Default Values 





By default, all interfaces are configured to use a specified IP address (using the ip address commana). 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command was expanded to include demand interfaces. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address 
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the BVI 
Interface Configuration mode configures the BVI interface to use the IP address assigned to the Ethernet 
interface for all IP processing. In addition, AOS uses the specified interface information when sending 
route updates over the unnumbered interface. 


Usage Examples 





The following example configures BVI interface 1 to use the IP address assigned to the Ethernet interface 
(eth 0/1): 


(config)#interface bvi 1 
(config-bvi 1)#ip unnumbered eth 0/1 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a universal resource locator (URL) filter to the interface for all 
inbound or outbound traffic. Use the no form of this command to remove the URL filter from an interface. 
Variations of this command include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <name> http command before applying it to the interface. Refer 
to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Examples 





The following example performs URL filtering on all traffic entering through BVI interface 1 and matches 
the URL filter named MyFilter: 


(config)#interface bvi 1 
(config-bvi 1)#ip urlfilter MyFilter in 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VPN routing and forwarding 
(VRF) instance. Use the no form of this command to remove the interface from the named VRF instance 
and assign it to the unnamed default VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP-related 
uT settings on that interface. 
vA 


Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF that is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF, but multiple interfaces can be assigned to the same VRFF. 


An interface will only forward IP traffic that matches its associated VRF. 


VRF on AOS products allows a single physical router to be partitioned into multiple virtual routers. Each 
router instance has its own route table and interface assignments. Beginning with Release 16.1, all AOS 
routers supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless 
of whether multi-VRF is configured. 


Usage Examples 


The following example assigns the eth 0/1 interface to the VRF instance named RED: 


(config)#interface eth 0/1 
(config-eth 0/1)#ip vrf forwarding RED 
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mac-address <mac address> 


Use the mac-address command to specify the media access control (MAC) address of the VLAN 
interface. Only the last three values of the MAC address can be modified. The first three values contain the 
ADTRAN reserved number (00:0A:C8) by default. Use the no form of this command to return to the 
default MAC address programmed by ADTRAN. 


Syntax Description 





<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in following format xx:xx:xx:Xx:xx:xx (for example, 00:A0:C8:00:00:01). 


Default Values 





A unique default MAC address is programmed in each unit shipped by ADTRAN. 


Command History 





Release 5.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Usage Examples 
The following example configures a MAC address of 00:0A:C8:5F:00:D2 for BVI interface 1: 





(config)#interface bvi 1 
(config-bvi 1)#mac-address 00:0A:C8:5F:00:D2 
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max-reserved-bandwidth <va/ue> 


Use the max-reserved-bandwidth command to specify the percentage of interface bandwidth reserved for 
use in user-defined (priority or class-based) queues. The remainder of the interface bandwidth is reserved 
for system-critical traffic and is not available to user-defined queues. Use the no form of this command to 
restore the default values. 





proper operation. Specifying the entire interface bandwidth for use in user-defined queues 
can cause undesirable operation. 


Reserving a portion of the interface bandwidth for system-critical traffic is necessary for 
cmon 





Syntax Description 





<value> Specifies the maximum percentage of bandwidth to reserve for quality of 
service (QoS). This setting is configured as a percentage of the total 
interface speed. Range is 1 to 100 percent. 


Default Values 





By default, max-reserved-bandwidth is set to 75 percent, which reserves 25 percent of the interface 
bandwidth for system-critical traffic. 


Command History 





Release 11.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Usage Examples 





The following example specifies 85 percent of the bandwidth on BVI interface 1 be available for use in 
user-defined queues: 


(config)#interface bvi 1 
(config-bvi 1)#max-reserved-bandwidth 85 
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mtu <size> 


Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use 
the no form of this command to return to the default value. 


Syntax Description 


<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 1.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





Open shortest path first (OSPF) will not become adjacent on links where the MTU sizes do not match. If 
router A and router B are exchanging hello packets but their MTU sizes do not match, they will never reach 
adjacency. This is by design and required by the RFC. 
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Usage Examples 





The following example specifies an MTU of 1200 on BVI interface 1: 


(config)#interface bvi 1 
(config-bvi 1)#mtu 1200 
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qos-policy out <name> 


Use the qos-policy out command to apply a previously configured quality of service (QoS) map to 
outgoing packets on an interface. Use the no form of this command to remove the map from the interface. 


Syntax Description 


<name> Specifies the name of a previously created QoS map (refer to gos map 
<name> <number> on page 890 for more information). 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





When a QoS policy is applied to an interface, it may be disabled if the interface bandwidth is not adequate 
to support the requested bandwidth on the map set. Once the bandwidth problem is resolved, the map will 
work again. The bandwidth will be rechecked on any of the following changes: 


1. A priority or class-based entry is added to, deleted from, or changed in a QoS map set. 

2. The interface bandwidth is changed by the bandwidth command on the interface. 

3. A QoS policy is applied to an interface. 

4. Across connect is created that includes an interface with a QoS policy. 

5. The interface queuing method is changed to fair-queue to use weighted fair queuing (WFQ). 
6. The interface operational status changes. 

7. The interface bandwidth changes for other reasons (e.g., when ADSL finishes training). 


In order to prevent the map from being disabled in cases of temporary inadequate bandwidth (e.g., a single 
link goes down in a dual T1 multilink configuration where the map requests more than one T1's worth of 
bandwidth), the QoS map uses the maximum theoretical bandwidth on an interface, not the actual 
bandwidth at that time. This actually helps QoS keep higher priority class-based traffic working better than 
best-effort traffic when the bandwidth drops. 


Usage Examples 





The following example applies the QoS map VOICEMAP to BVI interface 1: 


(config)#interface bvi 1 
(config-bvi 1)#qos-policy out VOICEMAP 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VQM is enabled on all WAN and LAN interfaces. 





Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on the BVI interface 1: 


(config)#interface bvi 1 
(config-bvi 1)#rtp quality-monitoring 
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traffic-shape rate <value> 


Use the traffic-shape rate command to specify and enforce an output bandwidth for the bridged virtual 
interface (BVI). Use the no form of this command to disable this feature. Variations of this command 
include: 


traffic-shape rate <va/lue> 
traffic-shape rate <value> <burst> 


Syntax Description 





<value> Specifies the rate (in bits per second) at which the interface should be shaped. 


<burst> Optional. Specifies the allowed burst in bytes. By default, the burst is 
specified as the rate divided by 5 and represents the number of bytes that 
would flow within 200 ms. 


Default Values 


By default, traffic-shape rate is disabled. 


Command History 





Release 10.1 Command was introduced. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





Traffic shaping can be used to limit the VLAN interface to a particular rate or to specify use of quality of 
service (QoS). 


Usage Examples 





The following example sets the outbound rate of bvi 1 to 128 kbps and applies a QoS policy that gives all 
RTP traffic priority over all other traffic: 


config)#qos map voip 1 
config-qos-map)#match ip rtp 10000 10500 all 
config-qos-map)#priority unlimited 
config-qos-map)#interface bvi 1 

config-bvi 1)#traffic-shape rate 128000 
config-bvi 1)#qos-policy out voip 


aman a = = 
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DEMAND INTERFACE CONFIGURATION COMMAND SET 





To create a virtual demand interface and/or activate the Demand Interface Configuration mode, enter the 
interface demand command at the Global Configuration mode prompt. For example: 


#configure terminal 
(config)#interface demand 1 
(config-demand 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1436 

bandwidth <value> on page 1437 

called-number <number> on page 1438 
caller-number <number> on page 1439 
connect-mode on page 1440 

connect-order on page 144] 

connect-sequence on page 1442 

connect-sequence attempts <value> on page 1444 
connect-sequence interface-recovery on page 1445 
crypto map <name> on page 1446 
demand-hold-queue <number> timeout <value> on page 1448 
dynamic-dns on page 1449 

fair-queue on page 1451 

fast-idle <value> on page 1452 

hold-queue <value> out on page 1453 
idle-timeout <value> on page 1454 

ip commands begin on page 1455 

keepalive <value> on page 1482 
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lldp receive on page 1483 

lldp send on page 1454 

match-interesting on page 1486 
max-reserved-bandwidth <value> on page 1487 
mtu <size> on page 1458 

peer default ip address <ip address> on page 1490 
ppp commands begin on page 1491 

gos-policy on page 1502 

resource pool <name> on page 1503 

rtp quality-monitoring on page 1504 

snmp trap link-status on page 1505 


username <username> password <password> on page 1506 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 

Release 15.1 Command was expanded to include bridged virtual interfaces (BVI). 


Functional Notes 





To assign an access policy to an interface, enter the interface configuration mode for the desired interface 
and enter access-policy <name>. 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
the demand interface 1: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with the demand interface 1: 


(config)#interface demand 1 
(config-demand 1)#access-policy Private 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 


<value> Specifies the bandwidth value in kbps. 


Default Values 





To view default values, use the show interfaces command. 


Command History 





Release 3.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets the bandwidth of the demand interface to 10 Mbps: 


(config)#interface demand 1 
(config-demand 1)#bandwidth 10000 
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called-number <number> 
Use the called-number command to link calls to specific interfaces based on their dialed number 


identification service (DNIS) numbers. Multiple called numbers may be specified for an interface. Use the 
no form of this command to restore the default values. 


Syntax Description 





<number> Identifies the called number to be linked to an interface. The DNIS number 
is limited to 20 digits. 


Default Values 





By default, no called numbers are defined. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example links calls with a DNIS number of 2565558409 to the demand interface 1: 


(config)#interface demand 1 
(config-demand 1)#called-number 2565558409 
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caller-number <number> 
Use the caller-number command to link calls to specific interfaces based on its caller ID (CLID) number. 


Multiple caller ID numbers may be specified, allowing the interface to accept calls from different remote 
resources. Use the no form of this command to restore the default values. 


Syntax Description 





<number> Identifies the caller’s number to be linked to an interface. The CLID number 
is limited to 20 digits. 


Default Values 





By default, no caller numbers are defined. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example links calls with a CLID number of 2565559911 to the demand interface 1: 


(config)#interface demand 1 
(config-demand 1)#caller-number 2565559911 
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connect-mode 


Use the connect-mode command to configure the interface to only answer calls, only originate calls, or to 
both answer and originate calls. Use the no form of this command to restore the default values. Variations 
of this command include: 


connect-mode answer 
connect-mode either 
connect-mode originate 


Syntax Description 





answer Specifies the interface may be used to answer calls, but not originate calls. 
either Specifies the interface may be used to answer and originate calls. 
originate Specifies the interface may be used to originate calls, but not answer calls. 


Default Values 





By default, the connect mode is set to both answer and originate calls. 


Command History 


Release 11.1 Command was introduced. 


Usage Examples 





The following example configures demand interface 1 to only answer calls: 


(config)#interface demand 1 
(config-demand 1)#connect-mode answer 
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connect-order 


Use the connect-order command to specify the starting point in the connection sequence for each 
sequence activation. The connection sequence is a circular list. Use the no form of this command to restore 
the default values. Variations of this command include: 


connect-order last-successful 
connect-order round-robin 
connect-order sequential 


Syntax Description 





last-successful Specifies the connect sequence be processed beginning with the last 
successful entry or the first entry if there are no previous connections. 

round-robin Specifies the connect sequence be processed beginning with the entry that 
follows the last successful entry or the first entry if there are no previous 
connections. 

sequential Specifies the connect sequence be processed from the beginning of the list. 


Default Values 


By default, connect sequences are processed sequentially. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 
The following example configures the connection sequence to begin with the last successful entry: 


(config)#interface demand 1 
(config-demand 1)#connect-order last-successful 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1441 


Command Reference Guide Demand Interface Configuration Command Set 





connect-sequence 


Use the connect-sequence command to provide instructions to the interface on how to use the resource 
pool and telephone numbers to connect to demand destinations. Use the no form of this command to 
restore the default values. Variations of this command include the following: 


connect-sequence <val/ue> dial-string <string> forced-analog 

connect-sequence <value> dial-string <string> forced-analog busyout-threshold <value> 
connect-sequence <value> dial-string <string> forced-cellular 

connect-sequence <value> dial-string <string> forced-cellular busyout-threshold <value> 
connect-sequence <value> dial-string <string> forced-isdn-56k 

connect-sequence <value> dial-string <string> forced-isdn-56k busyout-threshold <va/ue> 
connect-sequence <value> dial-string <string> forced-isdn-64k 

connect-sequence <value> dial-string <string> forced-isdn-64k busyout-threshold <va/ue> 
connect-sequence <va/ue> dial-string <string> isdn-56k 

connect-sequence <value> dial-string <string> isdn-56k busyout-threshold <va/ue> 
connect-sequence <value> dial-string <string> isdn-64k 

connect-sequence <value> dial-string <string> isdn-64k busyout-threshold <va/ue> 


Syntax Description 


<value> Specifies the sequence number for this connection specification entry. 
Range is 1 to 65,535. 

dial-string <string> Specifies the telephone number to dial when using this connection. The dial 
string is limited to 20 digits. 

forced-analog Specifies that only analog resources may be used. 

forced-cellular Specifies that only cellular resources may be used. 

forced-isdn-56k Specifies that only integrated services digital network (ISDN) resources may 
be used. Call is placed using ISDN 56k. 

forced-isdn-64k Specifies that only ISDN resources may be used. Call is placed using ISDN 
64k. 

isdn-56k Specifies any dial resource may be used if ISDN 56k call-type is used. 

isdn-64k Specifies any dial resource may be used if ISDN 64k call-type is used. 

busy-threshold <value> Optional. Specifies the maximum number of connect sequence cycles 


during an activation attempt that must fail before it is skipped until the next 
activation attempt. 


Default Values 





By default, any dial resource may be used. 


By default, the dial string for cellular connections is #777. 


Command History 





Release 11.1 Command was introduced. 
Release 17.2 Command was expanded to include cellular connections. 
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Usage Examples 





The following example instructs demand interface 1 to place the call using ISDN 64k: 


(config)#interface demand 1 
(config-demand 1)#connect-sequence 65 dial-string 2565559911 forced-isdn-64k 


The following example instructs demand interface 1 to place the call using a cellular connection: 


(config)#interface demand 1 
(config-demand 1)#connect-sequence 1 dial-string #777 forced-cellular 
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connect-sequence attempts <va/ue> 


Use the connect-sequence attempts command to limit the number of times the connect sequence will 
cycle when its entries are unable to establish a connection. When the maximum number of attempts are 
exhausted, the interface will go into recovery mode. Refer to connect-sequence interface-recovery on page 
1445 for more information. Use the no form of this command to restore the default values. 


Syntax Description 





<value> Specifies the number of times the connect sequence will cycle through its 
entries if it is unable to make a connection. Range is 0 to 65,535. 


Default Values 





By default, the connect-sequence attempts are unlimited. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example instructs demand interface 1 to attempt its connection sequence 500 times: 


(config)#interface demand 1 
(config-demand 1)#connect-sequence attempts 500 
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connect-sequence interface- recovery 


Use the connect-sequence interface-recovery command to allow the interface to go down in the event 
that the connect-sequence attempts value is exhausted. Refer to connect-sequence attempts <value> on 
page 1444 for more information. Use the no form of this command to restore the default values. Variations 
of this command include: 


connect-sequence interface-recovery 
connect-sequence interface-recovery retry-interval <va/ue> 
connect-sequence interface-recovery retry-interval <va/ue> max-retries <number> 


Syntax Description 





retry-interval <value> Optional. Specifies the number of seconds the interface will wait between 
connect sequence cycles during recovery attempts. 


max-retries <number> Optional. Specifies the maximum number of times the connect sequence 
will cycle in an attempt to bring the interface back up. When in interface 
recovery mode, this value overrides the connect-sequence attempts 
value. 


Default Values 





By default, the connect-sequence interface-recovery retry-interval is set to 120 seconds and 
max-retries are unlimited. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures demand interface 1 to wait 60 seconds between retry attempts with a 
maximum number of 500 retries: 


(config)#interface demand 1 
(config-demand 1)#connect-sequence interface-recovery retry-interval 60 max-retries 500 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1445 


Command Reference Guide Demand Interface Configuration Command Set 





crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps that 
share the same name, but have different map index numbers. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Assigns a crypto map name to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 4.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 


When configuring a system to use both the stateful inspection firewall and Internet key exchange (IKE) 
negotiation for virtual private network (VPN), keep the following notes in mind. 


When defining the policy class and associated access control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted), it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local-side, 
unencrypted source of the data. The destination information will be the far end, unencrypted destination of 
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy 
class is the far end. The destination information is the local side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to the demand interface: 


(config)#interface demand 1 
(config-demand 1)#crypto map MyMap 
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demand-hold-queue <number> timeout <va/ue> 
Use the demand-hold-queue timeout command to set the number and length of time interesting packets 


will be held while a connection is being made. Use the no form of this command to restore the default 
values. 


Syntax Description 





<number> Specifies the number of packets that may be stored in the hold queue. 
Range is 0 to 100. 
<value> Specifies the number of seconds a packet may remain in the hold queue. 


Range is 0 to 255 seconds. 


Default Values 





By default, the hold queue is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures demand interface 1 to hold 50 packets in the queue for up to 
120 seconds: 


(config)#interface demand 1 
(config-demand 1)#demand-hold-queue 50 timeout 120 
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dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the host name for the server that updates the dynamic domain 
name server (DNS). 


<minutes> Specifies the intervals in minutes to update the server with information 
(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case sensitive). 


<password> Specifies a password using an alphanumerical string up to 30 characters in 
length (the password is case sensitive). 


Refer to Functional Notes below for additional argument descriptions. 


Default Values 


No default value is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVI). 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNSSM service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
you to manage IP address mappings (A records), domain aliases (CNAME records), and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services, Inc. (DynDNS.org) allows you to 
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more 
easily accessed from various locations on the Internet. This service is provided for up to five host names. 
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dyndns-custom - DynDNS.org's Custom DNSSM service provides a full DNS solution, giving you 
complete control over an entire domain name. A Web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 


A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for most common configurations and allows for easy creation of most common record types. 
The advanced interface is designed for system administrators with a solid DNS background, and provides 
layout and functionality similar to a BIND zone file allowing for the creation of nearly any record type. 


Custom DNSS™ can be used with both static and dynamic IPs, and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSS™ service in that it 
allows a host name, such as yourname.dyndns.org, to point to your IP address. Unlike a Dynamic DNS 
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to 
propagate through the DNS system. This service is provided for up to five host names. 


If your IP address does not change often or at all, but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
that also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the Dynamic DNS to dyndns-custom with host name host, user name user, 
and password pass: 


(config)#interface demand 1 
(config-demand 1)#dynamic-dns dyndns-custom host user pass 
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fair-queue 


Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of 
this command to disable WFQ and enable first in, first out (FIFO) queueing for an interface. WFQ is 
enabled by default for wide area network (WAN) interfaces. Variations of this command include: 


fair-queue 
fair-queue <threshold> 


Syntax Description 





<threshold> Optional. Specifies the maximum number of packets that can be present in 
each conversation subqueue. Packets received for a conversation after this 
limit is reached are discarded. Range: 16 to 512 packets. 


Default Values 
By default, WFQ is enabled with a threshold of 64 packets. 





Command History 





Release 5.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 





The following example enables WFQ on the interface with a threshold set at 100 packets: 


(config)#interface demand 1 
(config-demand 1)#fair-queue 100 
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fast-idle <va/ue> 
Use the fast-idle command to set the amount of time the demand interface connection will remain active in 


the absence of interesting traffic when there is contention for the demand resources being used by this 
interface. Use the no form of this command to restore the default values. 


Syntax Description 





<value> Specifies the number of seconds the interface will remain up in the absence 
of interesting traffic. Range is 1 to 2,147,483 seconds. 


Default Values 





By default, fast-idle is set to 120 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets fast idle to 1,073,752 seconds: 


(config)#interface demand 1 
(config-demand 1)#fast-idle 1073752 
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hold-queue <va/ue> out 


Use the hold-queue out command to change the overall size of an interface's wide area network (WAN) 
output queue. Use the no form of this command to return to the default settings. 


Syntax Description 


<value> Specifies the total number of packets the output queue can contain before 
packets are dropped. Range is 16 to 1000 packets. 


Default Values 





The default queue size for weighted fair queuing (WFQ) is 400. The default queue size for Point-to-Point 
Protocol (PPP) first in, first out (FIFO) and Frame Relay round-robin is 200. 


Command History 





Release 5.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 





The following example sets the overall output queue size to 700: 


(config)#interface demand 1 
(config-demand 1)#hold-queue 700 out 
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idle-timeout <va/ue> 


Use the idle-timeout command to set the amount of time the interface link/bundle will remain up in the 
absence of interesting traffic. Interesting traffic and direction logic are set using the match-interesting 
commands. Refer to match-interesting on page 1486 for more information. Use the no form of this 
command to restore the default values. 


Syntax Description 





<value> Specifies the number of seconds the interface will remain up in the absence 
of interesting traffic. Range is 1 to 2,147,483 seconds. 


Default Values 





By default, idle-timeout is set to 120 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example configures demand interface 1 to time out after 360 seconds: 


(config)#interface demand 1 
(config-demand 1)#idle-timeout 360 
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ip access-group <name> 


Use the ip access-group command to create an access control list (ACL) to be used for packets transmitted 
on or received from the specified interface. Use the no form of this command to disable this type of 
control. Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Indicates the assigned IP ACL name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 





The following example sets up the router to only allow Telnet traffic into the demand interface: 


config)#ip access-list extended TelnetOnly 
config-ext-nacl)#permit tcp any any eq telnet 
config-ext-nacl)#interface demand 1 
config-demand 1)#ip access-group TelnetOnly in 


aN aN 
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ip address negotiated 


Use the ip address negotiated command to allow the interface to negotiate (i.e., be assigned) an IP 
address from the far end Point-to-Point Protocol (PPP) connection. Use the no form of this command to 
disable the negotiation for an IP address. Variations of this command include: 


ip address negotiated 
ip address negotiated no-default 


Syntax Description 





no-default Optional. Prevents the insertion of a default route. Some systems already 
have a default route configured and need a static route to the PPP interface 
to function correctly. 


Default Values 





By default, the interface is assigned an address with the ip address <ip address> <subnet mask> 
command. 


Command History 


Release 5.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 


The following example enables the demand interface to negotiate an IP address from the far end 
connection: 


(config)#interface demand 1 
(config-demand 1)#ip address negotiated 
The following example enables the demand interface to negotiate an IP address from the far end 


connection without inserting a default route: 


(config)#interface demand 1 
(config-demand 1)#ip address negotiated no-default 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the optional keyword 
secondary to define a secondary IP address. Use the no form of this command to remove a configured IP 
address. Variations of this command include: 


ip address <i/p address> <subnet mask> 
ip address <ip address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 


By default, there are no assigned IP addresses. 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





Use secondary IP addresses to allow dual subnets on a single interface (when you need more IP 
addresses than the primary subnet can provide). When using secondary IP addresses, avoid routing loops 
by verifying that all devices on the network segment are configured with secondary IP addresses on the 
secondary subnet. 


Usage Examples 
The following example configures a secondary IP address of 192.22.72.101 255.255.255.252: 





(config)#interface demand 1 
(config-demand 1)#ip address 192.22.72.101 255.255.255.252 secondary 
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ip directed-broadcast 


Use the ip directed-broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this feature. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list (ACL) name. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an ACL with this 
command. In this case, only directed broadcasts that are permitted by the specified ACL will be forwarded, 
and all other directed broadcasts directed to this interface subnet will be dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC 1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC 2644), with the intended goal of reducing the efficacy of certain types of denial of 
service (DoS) attacks. 
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Usage Examples 





The following example enables forwarding of directed broadcasts on the interface demand 1: 


(config)#interface demand 1 
(config-demand 1)#ip directed-broadcast 
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ip flow 


Use the ip flow command to enable integrated traffic monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of this command to disable traffic monitoring. Variations of 
this command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Default Values 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables traffic monitoring on a demand interface to monitor incoming traffic 
through an ACL called myacl: 


(config)#interface demand 1 
(config-demand 1)#ip flow ingress myacl 
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ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





The ip helper command must be used in conjunction with the ip forward-protocol 
‘ore command to configure AOS to forward UDP broadcast packets. Refer to ip 
forward-protocol udp <value> on page 724 for more information. 





Syntax Description 





<address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 


When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign a helper address(es) (specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 
1. The packet IP protocol is User Datagram Protocol (UDP). 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 


4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248 /30 subnet). 
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Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


(config)#ip forward-protocol udp domain 
(config)#interface demand 1 
(config-demand 1)#ip helper-address 192.33.5.99 
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ip igmp 
Use the ip igmp command to configure multicasting-related functions for the interface. Variations of this 
command include: 


ip igmp immediate-leave 

ip igmp last-member-query-interval <milliseconds> 
ip igmp querier-timeout <seconds> 

ip igmp query-interval <seconds> 

ip igmp query-max-response-time <seconds> 

ip igmp static-group <address> 

ip igmp version [1 | 2] 


Syntax Description 


immediate-leave Specifies that if only one host (or Internet Group Management Protocol 
(IGMP) snooping switch) is connected to the interface, when a leave is 
received, multicast of that group is immediately terminated as opposed 
to sending a group query and timing out the group if no device responds. 
Works in conjunction with ip igmp last-member-query-interval. 
Applies to all groups when configured. Use the no form of this command 
to disable the immediate-leave feature. 


last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group 

<milliseconds> receivers remain on an interface after a receiver leaves a group. If a 
receiver sends a leave-group message (IGMP Version 2), the router 
sends a group-specific query on that interface. After twice the time 
specified by this command plus as much as one second longer, if no 
receiver responds, the router removes that interface from the group and 
stops sending that group's multicast packets to the interface. Range is 
100 to 65,535 ms. Use the no form of this command to return to the 
default setting. 


querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current 
querier’s last query before it takes over as querier (IGMP V2). Range is 
60 to 300 seconds. Use the no form of this command to return to the 
default setting. 


query-interval Specifies the interval (in seconds) at which IGMP queries are sent on an 

<seconds> interface. Host query messages are addressed to the all-hosts multicast 
group with an IP TTL of 1. The router uses queries to detect whether 
multicast group members are on the interface and to select an IGMP 
designated router for the attached segment (if more than one multicast 
router exists). Only the designated router for the segment sends queries. 
For IGMP V2, the designated router is the router with the lowest IP 
address on the segment. Range is 0 to 65,535 seconds. Use the no 
form of this command to return to the default setting. 


query-max-response-time Specifies the maximum response time (in seconds) advertised by this 

<seconds> interface in queries when using IGMP V2. Hosts are allowed a random 
time within this period to respond, reducing response bursts. Use the no 
form of this command to return to the default setting. 
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Syntax Description (Continued) 


static-group <address> Configures the router's interface to be a statically connected member of 
the specified group. Packets received on the correct reverse path 
forwarding (RPF) interface are forwarded to this interface regardless of 
whether any receivers have joined the specified group using IGMP. Use 
the no form of this command to remove a configured static group. 





version [1 | 2] Sets the interface’s IGMP version. Use the no form of this command to 
return to the default setting. 


Default Values 





ip igmp immediate-leave No default 

ip igmp last-member-query-interval 1000 milliseconds 

ip igmp querier-timeout 2x the query-interval value 
ip igmp query-interval 60 seconds 

ip igmp query-max-response-time 10 seconds 

ip igmp static-group No default 

ip igmp version Version 1 


Command History 





Release 7.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 





The following example sets the query message interval on the interface to 200 milliseconds: 


(config)#interface demand 1 
(config-demand 1)#ip igmp last-member-query-interval 200 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1464 


Command Reference Guide Demand Interface Configuration Command Set 





ip mcast-stub downstream 
Use the ip mcast-stub downstream command to enable multicast forwarding and Internet Group 


Management Protocol (IGMP) (router mode) on an interface and place it in multicast stub downstream 
mode. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments 
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces 
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces 
configured as downstream should have the lowest IP address of all IGMP-capable routers on the 
connected segment in order to be selected as the designated router and ensure proper forwarding. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub upstream on page 1468 for 
more information. 


Usage Examples 





The following example enables multicast forwarding and IGMP on the interface: 


(config)#interface demand 1 
(config-demand 1)#ip mcast-stub downstream 
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ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the ip igmp static-group <address> command (on page 1463) to receive multicast traffic without 
host-initiated Internet Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all 
host-initiated IGMP transactions will enter multicast routes on the router’s interface involved with IGMP 
activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#interface demand 1 
(config-demand 1)#ip mcast-stub fixed 
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ip mcast-stub helper-enable 


Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the 
Internet Group Management Protocol (IGMP) proxy. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 8.1 Command was introduced. 
Release 11.1 Command was expanded to include the demand interface. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled, 
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and 
the interface becomes the active upstream interface, enabling the unit to perform as an IGMP proxy. Refer 
to jp mcast-stub helper-address <ip address> on page 741, ip mcast-stub downstream on page 1465, and 
jp mcast-stub upstream on page 1468 for more information. 


Usage Examples 





The following example sets the helper address as the IGMP proxy: 


(config)#interface demand 1 
(config-demand 1)#ip mcast-stub helper-enable 
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ip mcast-stub upstream 


Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in 
multicast stub upstream mode. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a 
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the 
router's unicast route table, the IGMP host function is dynamically enabled and the interface becomes the 
active upstream interface, enabling the router to perform as an IGMP proxy. Though multiple interfaces 
may be candidates, no more than one interface will actively serve as the helper forwarding interface. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub downstream on page 1465 
for more information. 


Usage Examples 





The following example enables multicast forwarding on the interface: 


(config)#interface demand 1 
(config-demand 1)#ip mcast-stub upstream 
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ip ospf 


Use the ip ospf command to customize open shortest path first (OSPF) settings (if needed). Use the no 
form of these commands to return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


dead-interval <seconds> 
hello-interval <seconds> 
retransmit-interval <seconds> 
transmit-delay <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 
Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 

1 to 65,535. 

Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 32,767 
seconds. 

Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 32,767 seconds. 

Configures OSPF message digest 5 (MD5) authentication 

(16 byte maximum) keys. 

Sets the OSPF priority. The value set in this field helps 
determine the designated router for this network. Range is 

0 to 255. 

Specifies the interval (in seconds) between link-state 
advertisements (LSAs). Range is 0 to 32,767 seconds. 

Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 32,767 seconds. 


40 seconds 

10 seconds: Ethernet, point-to-point, Frame Relay, and PPP 
5 seconds 

1 second 
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Command History 





Release 3.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 





The following example sets the maximum number of seconds allowed between hello packets to 25,000: 


(config)#interface demand 1 
(config-demand 1)#ip ospf dead-interval 25000 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing open shortest path 
first (OSPF) authentication. Use the no form of this command to return to the default setting. Variations of 
this command include: 


ip ospf authentication 
ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Selects message-digest authentication type. 
null Optional. Specifies that no authentication be used. 


Default Values 





By default, ip ospf authentication is set to null (meaning no authentication is used). 


Command History 





Release 3.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 





The following example specifies that no authentication will be used on the demand interface: 


(config)#interface demand 1 
(config-demand 1)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Sets the network type for broadcast. 
point-to-point Sets the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. Point-to-Point Protocol (PPP) and Frame Relay default to 
point-to-point. 


Command History 





Release 3.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





A point-to-point network will not elect designated routers. 


Usage Examples 





The following example designates a broadcast network type: 


(config)#interface demand 1 
(config-demand 1)#ip ospf network broadcast 
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ip policy route-map <name> 


Use the ip policy route-map command to associate a route map with a network interface source. Use the 
no form of this command to disable this feature. 


Syntax Description 


<name> Specifies the route map to associate with this interface. 


Default Values 





By default, policy-based routing is disabled for all interfaces. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example associates the route map named MyMap with demand interface 1: 


(config)#interface demand 1 
(config-demand 1)#ip policy route-map MyMap 
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ip proxy-arp 


Use the ip proxy-arp to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no 
form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field 
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy ARP is enabled, AOS will respond to all proxy ARP requests with its specified media access 
control (MAC) address and forward packets accordingly. 


Enabling proxy ARP on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following example enables proxy ARP on the virtual demand interface: 


(config)#interface demand 1 
(config-demand 1)#ip proxy-arp 
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ip rip receive version 


Use the ip rip receive version command to configure the Routing Information Protocol (RIP) version the 
unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Accepts only received RIP version 1 packets on the interface. 
2 Accepts only received RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





Use the ip rip receive version to specify a RIP version that overrides the version (in the Router RIP) 
configuration. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the virtual demand interface to accept only RIP version 2 packets: 


(config)#interface demand 1 
(config-demand 1)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the Routing Information Protocol (RIP) version the 
unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Transmits only RIP version 1 packets on the interface. 
2 Transmits only RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





Use the ip rip send version to specify a RIP version that overrides the version (in the Router RIP) 
configuration. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the virtual demand interface to transmit only RIP version 2 packets: 


(config)#interface demand 1 
(config-demand 1)#ip rip send version 2 
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ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface demand 1 
(config-demand 1)#ip rip summary-address 10.10.123.0 255.255.255.0 
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ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


WOE Using network address translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP route 
cache is enabled for all virtual demand interfaces. 


Command History 





Release 2.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





Fast-cache switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast-cache switching on the virtual demand interface: 


(config)#interface demand 1 
(config-demand 1)#ip route-cache 
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ip unnumbered </nterface> 
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP 


processing on the active interface. Use the no form of this command to remove the unnumbered 
configuration. 


Syntax Description 





<interface> Specifies the interface that contains the IP address to use as the source 

address for all packets transmitted on this interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
aT1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip unnumbered ? 
for a list of valid interfaces. 


Default Values 





By default, all interfaces are configured to use a specified IP address (using the ip address commana). 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address 
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the Demand 
Interface Configuration mode configures the demand interface to use the IP address assigned to the 
Ethernet interface for all IP processing. In addition, AOS uses the specified interface information when 
sending route updates over the unnumbered interface. Static routes may either use the interface name 
(ppp 1) or the far-end address (if it will be discovered). 


Usage Examples 





The following example configures the demand interface (labeled demand 1) to use the IP address 
assigned to the Ethernet interface (eth 0/1): 


(config)#interface demand 1 
(config-demand 1)#ip unnumbered eth 0/1 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a URL filter to the interface for all inbound or outbound traffic. Use 
the no form of this command to remove the URL filter from an interface. Variations of this command 
include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <filtername> http command before applying it to the interface. 
Refer to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Examples 





The following example performs URL filtering on all traffic entering through the demand interface (labeled 
demand 1) and matches the URL filter named MyFilter: 


(config)#interface demand 1 
(config-demand 1)#ip urlfilter MyFilter in 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VPN routing and forwarding 
(VRF) instance. Use the no form of the command to remove the interface from the named VRF instance 
and assign it to the unnamed default VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP-related 
uT settings on that interface. 
vA 


Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF that is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF, but multiple interfaces can be assigned to the same VRFF. 


An interface will only forward IP traffic that matches its associated VRF. 


VRF on AOS products allows a single physical router to be partitioned into multiple virtual routers. Each 
router instance has its own route table and interface assignments. Beginning with Release 16.1, all AOS 
routers supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless 
of whether multi-VRF is configured. Therefore, executing the abovementioned commands without 
specifying a VRF will only affect the default unnamed VRF. 


Usage Examples 





The following example assigns the demand 1 interface to the VRF instance named RED: 


(config)#interface demand 1 
(config-demand 1)#ip vrf forwarding RED 
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keepalive <value> 
Use the keepalive command to enable the transmission of keepalive packets on the interface and specify 


the time interval in seconds between transmitted packets. Use the no form of this command to return to the 
default setting. 


Syntax Description 





<value> Defines the time interval (in seconds) between transmitted keepalive 
packets. Range is 0 to 32,767 seconds. 


Default Values 





By default, the time interval between transmitted keepalive packets is 10 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





If three keepalive packets are sent to an interface with no response, the interface is considered down. To 
detect interface failures quickly, specify a smaller keepalive time. 


Usage Examples 





The following example specifies a keepalive time of 5 seconds on the virtual demand interface: 


(config)#interface demand 1 
(config-demand 1)#keepalive 5 
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lldp receive 


Use the Ildp receive command to allow local loop demarcation point (LLDP) packets to be received on 
this interface. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces are configured to send and receive LLDP packets. 


Command History 





Release 9.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 





The following example configures the demand interface to receive LLDP packets: 


(config)#interface demand 1 
(config-demand 1)#Ildp receive 
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lldp send 


Use the Ildp send command to configure this interface to transmit local loop demarcation point (LLDP) 
packets or to control the types of information contained in the LLDP packets transmitted by this interface. 
Use the no form of these commands to disable these features. Variations of this command include: 


lldp send 

lidp send management-address 
lldp send port-description 

lldp send system-capabilities 
lldp send system-description 
lldp send system-name 

lldp send-and-receive 


Syntax Description 





management-address Enables transmission of management address information on this interface. 
port-description Enables transmission of port description information on this interface. 
system-capabilities Enables transmission of this device’s system capabilities on this interface. 
system-description Enables transmission of this device’s system description on this interface. 
system-name Enables transmission of this device’s system name on this interface. 
and-receive Configures this interface to both transmit and receive LLDP packets. 


Default Values 





By default, all interfaces are configured to transmit and receive LLDP packets of all types. 


Command History 


Release 9.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





Individual LLDP information can be enabled or disabled using the various forms of the Ildp send 
command. For example, use the Ildp send-and-receive command to enable transmit and receive of all 
LLDP information. Then use the no Ildp send port-description command to prevent LLDP from 
transmitting port description information. 


Usage Examples 





The following example configures the demand interface to transmit LLDP packets containing all enabled 
information types: 


(config)#interface demand 1 
(config-demand 1)#Ildp send 
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The following example configures the demand interface to transmit and receive LLDP packets containing 
all information types: 


(config)#interface demand 1 
(config-demand 1)#Ildp send-and-receive 
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match-interesting 


Use the match-interesting command to allow an access control list (ACL) to specify which traffic 
attempting to cross this interface will be considered interesting. Use the no form of this command to 
restore the default values. Variations of this command include: 


match-interesting list <name> 
match-interesting list <name> in 
match-interesting list <name> out 
match-interesting reverse list <name> 
match-interesting reverse list <name> in 
match-interesting reverse list <name> out 


Syntax Description 





list <name> Specifies using an ACL with normal (source, destination) ACL matching 
logic. 

reverse list <name> Specifies using an ACL with reverse (destination, source) ACL matching 
logic. 

in Optional. Specifies that only incoming traffic is interesting. 

out Optional. Specifies that only outgoing traffic is interesting. 


Default Values 





By default, no interesting traffic is defined. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example instructs demand interface 1 to use the access control list MyACL when checking 
for interesting traffic: 


(config)#interface demand 1 
(config-demand 1)#match-interesting list MyACL in 
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max-reserved-bandwidth <va/ue> 


Use the max-reserved-bandwidth command to specify the percentage of interface bandwidth reserved for 
use in user-defined (priority or class-based) queues. The remainder of the interface bandwidth is reserved 
for system-critical traffic and is not available to user-defined queues. Use the no form of this command to 
restore the default values. 





proper operation. Specifying the entire interface bandwidth for use in user-defined queues 
can cause undesirable operation. 


Reserving a portion of the interface bandwidth for system-critical traffic is necessary for 
cmon 





Syntax Description 





<value> Specifies the maximum percentage of bandwidth to reserve for quality of 
service (QoS). This setting is configured as a percentage of the total 
interface speed. Range is 1 to 100 percent. 


Default Values 





By default, max-reserved-bandwidth is set to 75 percent, which reserves 25 percent of the interface 
bandwidth for system-critical traffic. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies 85 percent of the bandwidth on the demand interface 1 be available for 
use in user-defined queues: 


(config)#interface demand 1 
(config-demand 1)#max-reserved-bandwidth 85 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1487 


Command Reference Guide Demand Interface Configuration Command Set 





mtu <size> 


Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use 
the no form of this command to return to the default value. 


Syntax Description 


<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





Open shortest path first (OSPF) will not become adjacent on links where the MTU sizes do not match. If 
router A and router B are exchanging hello packets but their MTU sizes do not match, they will never reach 
adjacency. This is by design and required by the RFC. 
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Usage Examples 





The following example specifies an MTU of 1200 on the virtual demand interface: 


(config)#interface demand 1 
(config-demand 1)#mtu 1200 
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peer default ip address </p address> 


Use the peer default ip address command to specify the default IP address of the remote end of this 
interface. Use the no form of this command to remove a configured default IP address. 


Syntax Description 


<ijpp address> Specifies the default IP address for the remote end. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





By default, there is no assigned peer default IP address. 


Command History 





Release 3.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





This command is useful if the peer does not send the IP address option during PPP negotiations. 


Usage Examples 





The following example sets the default peer IP address to 192.22.71.50: 


(config)#interface demand 1 
(config-demand 1)#peer default ip address 192.22.71.50 
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ppp authentication 


Use the ppp authentication command to specify the authentication protocol on the Point-to-Point 
Protocol (PPP) virtual interface that the peer should use to authenticate itself. Use the no form of this 
command to remove configured PPP authentication. Variations of this command include: 


ppp authentication chap 
ppp authentication pap 


Syntax Description 





chap Configures Challenge-Handshake Authentication Protocol (CHAP) 
authentication on the interface. 

pap Configures Password Authentication Protocol (PAP) authentication on the 
interface. 


Default Values 


By default, PPP endpoints have no authentication configured. 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Technology Review 





CHAP and PAP are two authentication methods that enjoy widespread support. Both methods are included 
in AOS and are easily configured. 





The authentication method set up on the local router can be different from that on the peer. 
‘ore Also, just because one router requires authentication from its peer does not mean it also 
has to authenticate itself to the peer. 





Defining PAP 


The PAP is used to verify that the PPP peer is a permitted device by checking a user name and password 
configured on the peer. The user name and password are both sent unencrypted across the connecting 
private circuit. 


PAP requires a two-way message passing. First, the router that is required to be authenticated (for 
example, the peer) sends an authentication request with its user name and password to the router 
requiring authentication (for example, the local router). The local router then looks up the user name and 
password in the user name database within the PPP interface and, if they match, sends an authentication 
acknowledge back to the peer. 
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The PPP user name and password database is separate and distinct from the global user 
‘ore name password database. For PAP and CHAP, use the database under the PPP interface 
configuration. 





Several example scenarios are given below for clarity. 

Configuring PAP Example 1: Only the local router requires the peer to authenticate itself. 

On the local router (host name Local): 

Local(config-demand 1)#ppp authentication pap 

Local(config-demand 1)#username farend password same 

On the peer (host name Peer): 

Peer(config-demand 1)#ppp pap sent-username farend password same 

The first line of the configuration sets the authentication mode as PAP. This means the peer is required to 
authenticate itself to the local router via PAP. The second line is the user name and password expected to 


be sent from the peer. On the peer, the ppp pap sent-username command is used to specify the 
appropriate matching user name and password. 


Configuring PAP Example 2: Both routers require the peer to authenticate itself. 
On the local router (host name Local): 


Local(config-demand 1)#ppp authentication pap 
Local(config-demand 1)#username farend password far 
Local(config-demand 1)#ppp pap sent-username nearend password near 


On the peer (host name Peer): 


Peer(config-demand 1)#ppp authentication pap 
Peer(config-demand 1)#username nearend password near 
Peer(config-demand 1)#ppp pap sent-username farend password far 


Now both routers send the authentication request, verify that the user name and password sent match 
what is expected in the database, and send an authentication acknowledge. 
Defining CHAP 


The CHAP is a three-way authentication protocol composed of a challenge response and success or 
failure. The message digest 5 (MD5) protocol is used to protect user names and passwords in the 
response. 
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First, the local router (requiring its peer to be authenticated) sends a challenge containing only its own 
unencrypted user name to the peer. The peer then looks up the user name in the user name database 
within the PPP interface and, if found, takes the corresponding password and its own host name and 
sends a response back to the local router. This data is encrypted. The local router verifies that the user 
name and password are in its own user name database within the PPP interface and, if so, sends a 
success back to the peer. 





The PPP user name and password database is separate and distinct from the global user 
‘eon name password database. For PAP and CHAP. use the database under the PPP interface 
configuration. 





Several example scenarios are given below for clarity. 

Configuring CHAP Example 1: Only the local router requires the peer to authenticate itself. 

On the local router (host name Local): 

Local(config-demand 1)#ppp authentication chap 

Local(config-demand 1)#username Peer password same 

On the peer (host name Peer): 

Peer(config-demand 1)#ppp chap password same 

The first line of this configuration sets the authentication mode to CHAP. This means the peer is required to 
authenticate itself to the local router via CHAP. The second line is the user name and password expected 


to be sent from the peer. The peer uses its hostname and ppp chap password commands to send the 
proper authentication information. 


‘ore Both ends must have identical passwords. 





Configuring CHAP Example 2: Using the ppp chap hostname command as an alternate solution. 
On the local router (host name Local): 

Local(config-demand 1)#ppp authentication chap 

Local(config-demand 1)#username farend password same 

On the peer (host name Peer): 


Peer(config-demand 1)#ppp chap hostname farend 
Peer(config-demand 1)#ppp chap password same 
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Notice the local router is expecting user name farend even though the peer router's host name is Peer. 
Therefore, the peer router can use the ppp chap hostname command to send the correct name in the 
challenge. 





‘ore Both ends must have identical passwords. 


Configuring CHAP Example 3: Both routers require each other to authenticate themselves using 
the same shared password. 


On the local router (host name Local): 
Local(config-demand 1)#ppp authentication chap 
Local(config-demand 1)#username Peer password same 
On the peer (host name Peer): 

Peer(config-demand 1)#ppp authentication chap 


Peer(config-demand 1)#username Local password same 


This is basically identical to Example 1 except that both routers will now challenge each other and 
respond. 





‘ore Both ends must have identical passwords. 





Configuring CHAP Example 4: Both routers require each other to authenticate themselves using 
two separate shared passwords. 


On the local router (host name Local): 


Local(config-demand 1)#ppp authentication chap 
Local(config-demand 1)#username Peer password far 
Local(config-demand 1)#ppp chap password near 


On the peer (host name Peer): 


Peer(config-demand 1)#ppp authentication chap 
Peer(config-demand 1)#username Local password near 
Peer(config-demand 1)#ppp chap password far 
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This is basically identical to Example 3, except that there are two separate shared passwords. 


‘one Notice this example has both ends using different sets of passwords. 





Configuring CHAP Example 5: Using the ppp chap hostname command as an alternate solution. 
On the local router (host name Local): 


Local 
Local 
Local 
Local 


config-demand 1 
config-demand 1 
config-demand 1 
config-demand 1 


#ppp authentication chap 
#username farend password far 
#ppp chap hostname nearend 
#ppp chap password near 


aT om 
YS #w YS WH 


On the peer (host name Peer): 


Peer(config-demand 1 


( #ppp authentication chap 
Peer(config-demand 1 

( 

( 


#username nearend password near 
#ppp chap hostname farend 
#ppp chap password far 


Peer(config-demand 1 
Peer(config-demand 1 


~~ wa YS WH 


Notice the local router is expecting user name farend even though the peer router's host name is Peer. 
Therefore, the peer router can use the ppp chap hostname command to send the correct name on the 
challenge. 





‘ore Notice this example has both ends using different sets of passwords. 
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ppp bcp tagged-frame 


Use the ppp bep tagged-frame command to allow negotiation of IEEE 802.1Q-tagged packets over 
Bridging Control Protocol (BCP). Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example configures the interface to negotiate tagged frames over bcp: 


(config)#interface demand 1 
(config-demand 1)#ppp bcp tagged-frame 
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ppp chap hostname <name> 


Use the ppp chap hostname command to configure an alternate host name for Challenge-Handshake 
Authentication Protocol (CHAP) Point-to-Point Protocol (PPP) authentication. Use the no form of this 
command to remove a configured host name. For more information on PAP and CHAP functionality, refer 
to the Technology Review section for the command ppp authentication on page 1491. 


Syntax Description 





<name> Specifies a host name using an alphanumeric string up to 80 characters in 
length. 


Default Values 





By default, there are no configured PPP CHAP host names. 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 





The following example specifies a PPP CHAP host name of my_host: 


(config)#interface demand 1 
(config-demand 1)#ppp chap hostname my_host 
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ppp chap password <password> 


Use the ppp chap password command to configure an alternate password when the peer requires 
Challenge-Handshake Authentication Protocol (CHAP) Point-to-Point Protocol (PPP) authentication. Use 
the no form of this command to remove a configured password. For more information on PAP and CHAP 
functionality, refer to the Technology Review section for the command ppp authentication on page 1491. 


Syntax Description 





<password> Specifies a password using an alphanumeric string up to 80 characters in 
length. 


Default Values 
By default, there is no defined PPP CHAP password. 





Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 





The following example specifies a PPP CHAP password of my_password: 


(config)#interface demand 1 
(config-demand 1)#ppp chap password my_password 
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ppp multilink 


Use the ppp multilink command to enable Multilink Point-to-Point Protocol (MLPPP) operation on an 
existing PPP interface. Use the no form of this command to disable this feature. Variations of this 
command include: 


ppp multilink 

ppp multilink fragmentation 

ppp multilink interleave 

ppp multilink maximum <number> 


Syntax Description 





fragmentation Enables multilink fragmentation operation. 
interleave Enables multilink interleave operation. 
maximum <number> Specifies the maximum number of links allowed in a PPP multilink bundle. 


Default Values 
By default, MLPPP is disabled. 





Command History 





Release 7.1 Command was introduced. 
Release 7.2 Fragmentation and interleave operation were added. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 
When enabled, this interface is capable of the following: 


* Combining multiple physical links into one logical link. 
« Receiving upper layer protocol data units (PDU), fragmenting and transmitting over the physical links. 
¢ Receiving fragments over the physical links and reassembling them into PDUs. 


The fragmentation and interleave options can be used to enhance the multilink operation. Fragmentation is 
used to reduce serialization delays of large packets. The fragmentation process evenly divides the data 
among all links in the bundle with a minimum packet size of 96 bytes. The interleave operation is used with 
streaming protocols to reduce delay by giving priority to packets identified as being high priority. Delivery in 
order is guaranteed with multilink fragmentation, but is not guaranteed with multilink interleave operation. 


The multilink bundle will remain active with a minimum of one physical link. Physical links may be 
dynamically added or removed from the multilink bundle with minor interruption to traffic flow. 
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Usage Examples 





The following example enables MLPPP: 


(config)#interface demand 1 
(config-demand 1)#ppp multilink 
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ppp pap sent-username <username> password <password> 


Use the ppp pap sent-username/password command to configure a user name and password when the 
peer requires Password Authentication Protocol (PAP) Point-to-Point Protocol (PPP) authentication. Use 
the no form of this command to remove a configured password. For more information on PAP and CHAP 
functionality, refer to the Technology Review section for the command ppp authentication on page 1491. 


Syntax Description 





<username> Specifies a user name by alphanumeric string up to 80 characters in length 
(the user name is case sensitive). 


<password> Specifies a password by alphanumeric string up to 80 characters in length 
(the password is case sensitive). 


Default Values 





By default, there is no defined ppp pap sent-username and password. 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Usage Examples 





The following example specifies a PPP PAP sent-user name of local and a password of my_password: 


(config)#interface demand 1 
(config-demand 1)#ppp pap sent-username local password my_password 
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qos-policy 


Use the qos-policy command to apply a previously configured quality of service (QoS) map to incoming 
or outgoing packets on an interface. Use the no form of this command to remove the map from the 
interface. Variations of this command include: 


qos-policy in <name> 
qos-policy out <name> 


Syntax Description 





<name> Specifies the name of a previously created QoS map (refer to gos map 
<name> <number> on page 890 for more information). 

in Assigns a QoS map to this interface's input. 

out Assigns a QoS map to this interface's output. 


Default Values 





No default value is necessary for this command. 


Command History 


Release 6.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 
Release 15.1 Command was expanded to include the in option. 


Usage Examples 





The following example applies the QoS map VOICEMAP to the demand 1 interface: 


(config)#interface demand 1 
(config-demand 1)#qos-policy out VOICEMAP 
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resource pool <name> 
Use the resource pool command to associate a resource pool with the demand interface. No more than one 


resource pool may be associated with an interface. Refer to resource pool-member <name> on page 1061 
for more information. Use the no form of this command to restore the default values. 


Syntax Description 





<name> Specifies the resource pool that this interface will use to originate/answer 
demand connections. 


Default Values 





By default, no resource pool is associated with this interface. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example associates the resource pool named Pool1 with demand interface 1: 


(config)#interface demand 1 
(config-demand 1)#resource pool Pool1 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 





By default, VQM is enabled on all wide area network (WAN) and local area network (LAN) interfaces. 


Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on the virtual demand interface: 


(config)#interface demand 1 
(config-demand 1)#rtp quality-monitoring 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable object identifier (OID) is enabled for all interfaces except virtual 
Frame Relay interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 

Release 17.2 Command was expanded to the cellular interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the virtual demand interface: 


(config)#interface demand 1 
(config-demand 1)#no snmp trap link-status 
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username <username> password <password> 


Use the username password command to configure the user name and password of the peer to use for 
demand authentication. Use the no form of this command to remove a configured user name and password. 


Syntax Description 


<username> Specifies a user name by alphanumerical string up to 30 characters in 
length (the user name is case sensitive). 


<password> Specifies a password by alphanumerical string up to 30 characters in length 
(the password is case sensitive). 


Default Values 





By default, there is no established user name and password. 


Command History 


Release 1.1 Command was introduced. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





Password Authentication Protocol (PAP) uses this entry to check received information from the peer. 
Challenge-Handshake Authentication Protocol (CHAP) uses this entry to check the received peer host 
name and a common password. 


Usage Examples 





The following example creates a user name of ADTRAN with password ADTRAN for the demand link 
labeled 5: 


(config)#interface demand 5 
(config-demand 5)#username ADTRAN password ADTRAN 
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FRAME RELAY INTERFACE CONFIG COMMAND SET 





To create a virtual Frame Relay interface and activate the Frame Relay Interface Configuration mode, 
enter the interface frame-relay command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface frame-relay 1 
(config-fr 1)# 


By default, Frame Relay interfaces are created as point-to-point links. This default setting cannot be 
altered. The following command creates the exact same interface as that mentioned above: 


>enable 

#configure terminal 

(config)#interface frame-relay 1 point-to-point 
(config-fr 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


bandwidth <value> on page 1508 
encapsulation frame-relay ietf on page 1509 
fair-queue on page 1510 

frame-relay commands begin on page I511 
hold-queue <value> out on page 1523 
max-reserved-bandwidth <value> on page 1524 
qos-policy on page 1525 

snmp trap on page 1527 

snmp trap link-status on page 1528 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 


<value> Specifies bandwidth in kbps. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of the Frame Relay interface to 10 Mbps: 


(config)#interface frame-relay 1 
(config-fr 1)#bandwidth 10000 
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encapsulation frame-relay ietf 
Use the encapsulation frame-relay ietf command to configure the encapsulation on a virtual Frame Relay 


interface as IETF (RFC 1490). Currently, this is the only encapsulation setting. Settings for this option 
must match the far-end router’s settings in order for the Frame Relay interface to become active. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all Frame Relay interfaces use IETF encapsulation. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures the endpoint for IETF encapsulation: 


(config)#interface frame-relay 1 
(config-fr 1)#encapsulation frame-relay ietf 
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fair-queue 


Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of 
this command to disable WFQ and enable first in, first out (FIFO) queueing for an interface. WFQ is 
enabled by default for WAN interfaces. Variations of this command include: 


fair-queue 
fair-queue <value> 


Syntax Description 





<value> Optional. Specifies the maximum number of packets that can be present in 
each conversation subqueue. Packets received for a conversation after this 
limit is reached are discarded. Range is 16 to 512 packets. 


Default Values 





By default, fair-queue is enabled with a threshold of 64 packets. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example enables WFQ on the interface with a threshold set at 100 packets: 


(config)#interface frame-relay 1 
(config-fr 1)#fair-queue 100 
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frame-relay intf-type 


Use the frame-relay intf-type command to define the Frame Relay signaling role needed for the endpoint. 
Use the no form of this command to return to the default value. Variations of this command include: 


frame-relay intf-type dce 
frame-relay intf-type dte 
frame-relay intf-type nni 


Syntax Description 





dce Specifies DCE or network-signaling role. Use this interface type when you 
need the unit to emulate the frame switch. 


dte Specifies DTE or user-signaling role. Use this interface type when 
connecting to a Frame Relay switch (or piece of equipment emulating a 
frame switch). 


nni Configures the interface to support both network and user signaling (DTE or 
DCE) when necessary. 


Default Values 


By default, frame-relay intf-type is set to dte. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 


The following example configures the Frame Relay endpoint for DCE signaling: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay intf-type dce 
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frame-relay Imi-n391dce <va/lue> 
Use the frame-relay Imi-n391dce command to set the N391 full status polling counter for the DCE 


endpoint. Typical applications should leave the default value for this timer. Use the no form of this 
command to return to the default value. 


Syntax Description 





<value> Sets the poll counter value. Valid range is 1 to 255. 


Default Values 





By default, the polling counter for the DCE endpoint is set to six polls. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The N391 counter determines how many link integrity polls occur in between full status polls. The number 
of link integrity polls between full status polls is n - 1, where n represents the full status poll. n can be set to 
any number between 1 and 255, but the default is used for most applications. 


Usage Examples 





The following example sets the N391 counter for three polls: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-n391dce 3 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1512 


Command Reference Guide Frame Relay Interface Config Command Set 





frame-relay Imi-n391dte <value> 
Use the frame-relay Imi-n391dte command to set the N391 full status polling counter for the DTE 


endpoint. Typical applications should leave the default value for this timer. Use the no form of this 
command to return to the default value. 


Syntax Description 





<value> Sets the poll counter value. Valid range is 1 to 255. 


Default Values 





By default, the polling counter for the DTE endpoint is set to six polls. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The N391 counter determines how many link integrity polls occur in between full status polls. The number 
of link integrity polls between full status polls is n - 1, where n represents the full status poll. n can be set to 
any number between 1 and 255, but the default is used for most applications. 


Usage Examples 





The following example sets the N391 counter for three polls: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-n391dte 3 
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frame-relay Imi-n392dce <value> 
Use the frame-relay Imi-n392dce command to set the N392 error threshold for the DCE endpoint. Typical 


applications should leave the default value for this setting. Use the no form of this command to return to 
the default value. 


Syntax Description 





<value> Sets the error threshold value. Valid range is 1 to 10 errors. 


Default Values 





By default, the error threshold for the DCE endpoint is set to three errors. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





If the error threshold is met, the signaling state status is changed to down, indicating a service-affecting 
condition. This condition is cleared once N393 consecutive error-free events are received. N392 defines 
the number of errors required in a given event window, while N393 defines the number of polling events in 
each window. 


For example: 
If N892 = 3 and N393 = 4, then if three errors occur within any four events, the interface is determined 


inactive. 


Usage Examples 





The following example sets the N392 threshold for 5 seconds: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-n392dce 5 
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frame-relay Imi-n392dte <value> 
Use the frame-relay Imi-n392dte command to set the N392 error threshold for the DTE endpoint. Typical 


applications should leave the default value for this setting. Use the no form of this command to return to 
the default value. 


Syntax Description 





<value> Sets the error threshold value. Valid range is 1 to 10 errors. 


Default Values 





By default, the error threshold for the DTE endpoint is set to three errors. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





If the error threshold is met, the signaling state status is changed to down, indicating a service-affecting 
condition. This condition is cleared once N393 consecutive error-free events are received. N392 defines 
the number of errors required in a given event window, while N393 defines the number of polling events in 
each window. 


For example: 
If N892 = 3 and N393 = 4, then if three errors occur within any four events, the interface is determined 


inactive. 


Usage Examples 





The following example sets the N392 threshold for five errors: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-n392dte 5 
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frame-relay Imi-n393dce <va/lue> 
Use the frame-relay Imi-n393dce to set the N393 LMI monitored event counter for the DCE endpoint. 


Typical applications should leave the default value for this counter. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Sets the event counter value. Valid range is 1 to 10 events. 


Default Values 





By default, the LMI monitored event counter for the DCE endpoint is set to four events. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example sets the N393 threshold for five events: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-n393dce 5 
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frame-relay Imi-n393dte <value> 
Use the frame-relay Imi-n393dte command to set the N393 LMI monitored event counter for the DTE 


endpoint. Typical applications should leave the default value for this counter. Use the no form of this 
command to return to the default value. 


Syntax Description 





<value> Sets the event counter value. Valid range is 1 to 10 events. 


Default Values 





By default, the LMI monitored event counter for the DTE endpoint is set to four events. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example sets the N393 threshold for five events: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-n393dte 5 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1517 


Command Reference Guide Frame Relay Interface Config Command Set 





frame-relay Imi-t391dte <value> 
Use the frame-relay Imi-t391dte command to set the T391 signal polling timer for the DTE endpoint. 


Typical applications should leave the default value for this timer. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Sets the signal polling timer value in seconds. Valid range is 5 to 
30 seconds. 


Default Values 





By default, the signal polling timer for the DTE endpoint is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The T391 timer sets the time (in seconds) between polls to the Frame Relay network. 


Usage Examples 





The following example sets the T391 timer for 15 seconds: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-t391dte 15 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1518 


Command Reference Guide Frame Relay Interface Config Command Set 





frame-relay Imi-t392dce <value> 
Use the frame-relay Imi-t392dce command to set the T392 polling verification timer for the DCE 


endpoint. Typical applications should leave the default value for this timer. Use the no form of this 
command to return to the default value. 


Syntax Description 





<value> Sets the polling verification timer value in seconds. Valid range is 5 to 
30 seconds. 


Default Values 





By default, the polling verification timer for the DCE endpoint is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The T392 sets the timeout (in seconds) between polling intervals. This parameter needs to be a few 
seconds longer than the T391 setting of the attached Frame Relay device. 


Usage Examples 





The following example sets the T392 timer for 15 seconds: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-t392dce 15 
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frame-relay Imi-type 


Use the frame-relay Imi-type command to define the Frame Relay signaling (LMI) type. Use the no form 
of this command to return to the default value. Variations of this command include: 


frame-relay Imi-type ansi 
frame-relay Imi-type auto 
frame-relay Imi-type cisco 
frame-relay Imi-type none 
frame-relay Imi-type q933a 


Syntax Description 


ansi Specifies Annex D signaling method. 

auto Automatically determines signaling type by messages received on the 
frame circuit. 

cisco Specifies Group of 4 signaling method. 

none Turns off signaling on the endpoint. This is used for dial-backup connections 


to ADTRAN IQ and Express series products. 
q933a Specifies Annex A signaling method. 


Default Values 





By default, the Frame Relay signaling type is set to ansi. 


Command History 


Release 1.1 Command was introduced. 


Release 2.1 Added signaling type none to provide support for dial-backup to ADTRAN 
IQ and Express series products. 


Usage Examples 





The following example sets the signaling method for the endpoint to cisco: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay Imi-type cisco 
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frame-relay multilink 


Use the frame-relay multilink command to enable the Frame Relay multilink interface. When the no 
form of this command is issued, all configuration options associated with this command and cross connects 
made to this interface are removed. Variations of this command include: 


frame-relay multilink 

frame-relay multilink ack <value> 

frame-relay multilink bandwidth-class [A | B] 
frame-relay multilink bandwidth-class C <threshold> 
frame-relay multilink bid <string> 

frame-relay multilink hello <va/ue> 

frame-relay multilink retry <number> 


Syntax Description 





ack <value> Optional. Specifies a wait for acknowledgement time (in seconds) for every 
bundle link in the bundle. Range is 1 to 180 seconds. 


bandwidth-class Optional. Specifies the class of operation, placing a minimum limit on the 
acceptable amount of bandwidth required for a bundle to be up. 


[A | B] Optional. Specifies the class of operation. 
Class A_ Asingle active link is sufficient for the bundle to be up. 
Class B_ All defined bundle links must be active for the bundle to be up. 


C <threshold> Optional. Specifies the minimum number of active bundle links required for 
a Class C bundle to be in the up state. This option will not be available 
unless Class C is specified. Range is 1 to 65,535 links. 


bid <string> Optional. Specifies a bundle ID (up to 48 characters) for the multilink 
bundle. All hello messages sent on links belonging to the multilink bundle 
contain the bundle ID. By default, AOS creates a generic bundle ID for each 
configured multilink bundle using the following: MFR <interface number> 
where the interface number corresponds to the interface number of the 
Frame Relay interface. For example, if multilink is enabled on frame-relay 
interface 1, by default the bundle ID is MFR1. Changing the bundle ID 
causes the multilink connection to go down for renegotiation. 


hello <value> Optional. Specifies the time (in seconds) between hello messages for every 
bundle link in the bundle. Range is 1 to 180 seconds. 


retry <number> Optional. Specifies the number of times a bundle link will retransmit a 
message while waiting for acknowledgement. Range is 1 to 5 times. 


Default Values 





The default ack value is 4 seconds. The default hello value is 10 seconds. The default <class> value is A. 
The default retry value is 2. 


Command History 





Release 9.1 Command was introduced. 
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Functional Notes 





This command is different from ppp multilink. In ppp multilink, if multiple cross connects are configured 
for the Point-to-Point Protocol (PPP) interface without multilink PPP being enabled, the first link to bring up 
Link Control Protocol (LCP) will be the only link actually cross connected. In Frame Relay multilink, since 
there is no protocol corresponding to LCP, all cross connects will be removed and the user will be free to 
re-issue any cross connect. 


Usage Examples 





The following example enables the Frame Relay multilink interface and sets the time between hello 
messages to 45 seconds: 


(config)#interface frame-relay 1 

(config-fr 1)#frame-relay multilink hello 45 

The following example specifies Class B operation: 

(config)#interface frame-relay 1 

(config-fr 1)#frame-relay multilink bandwidth-class B 

The following example specifies Class C operation with a threshold of 5: 


(config)#interface frame-relay 1 
(config-fr 1)#frame-relay multilink bandwidth-class C 5 
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hold-queue <va/ue> out 


Use the hold-queue out command to change the overall size of an interface's wide area network (WAN) 
output queue. Use the no form of this command to return to the default settings. 


Syntax Description 


<value> Specifies the total number of packets the output queue can contain before 
packets are dropped. Range is 16 to 1000 packets. 


Default Values 





The default queue size for weighted fair queuing (WFQ) is 400. The default queue size for Point-to-Point 
Protocol (PPP) first in, first out (FIFO) and Frame Relay round robin is 200. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the overall output queue size to 700: 


(config)#interface frame-relay 1 
(config-fr 1)#hold-queue 700 out 
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max-reserved-bandwidth <va/ue> 


Use the max-reserved-bandwidth command to specify the percentage of interface bandwidth reserved for 
use in user-defined (priority or class-based) queues. The remainder of the interface bandwidth is reserved 
for system-critical traffic and is not available to user-defined queues. Use the no form of this command to 
restore the default values. 





proper operation. Specifying the entire interface bandwidth for use in user-defined queues 
can cause undesirable operation. 


Reserving a portion of the interface bandwidth for system-critical traffic is necessary for 
cmon 





Syntax Description 





<value> Specifies the maximum percentage of bandwidth to reserve for quality of 
service (QoS). This setting is configured as a percentage of the total 
interface speed. Range is 1 to 100 percent. 


Default Values 





By default, max-reserved-bandwidth is set to 75 percent, which reserves 25 percent of the interface 
bandwidth for system-critical traffic. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies 85 percent of the bandwidth on the Frame Relay 1 interface to be 
available for use in user-defined queues: 


(config)#interface frame-relay 1 
(config-fr 1)#max-reserved-bandwidth 85 
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qos-policy 


Use the qos-policy command to apply a previously configured quality of service (QoS) map to incoming 
or outgoing packets on an interface. Use the no form of this command to remove the map from the 
interface. Variations of this command include: 


qos-policy in <name> 
qos-policy out <name> 


Syntax Description 





<name> Specifies the name of a previously created QoS map (refer to gos map 
<name> <number> on page 890 for more information). 

in Assigns a QoS map to this interface's input. 

out Assigns a QoS map to this interface's output. 


Default Values 





No default value is necessary for this command. 


Command History 


Release 6.1 Command was introduced. 
Release 15.1 Command was expanded to include the in option. 


Functional Notes 


When a QoS policy is applied to an interface, it may be disabled if the interface bandwidth is not adequate 
to support the requested bandwidth on the map set. Once the bandwidth problem is resolved, the map will 
work again. The bandwidth will be rechecked on any of the following changes: 


1. A priority or class-based entry is added to, deleted from, or changed in a QoS map set. 

2. The interface bandwidth is changed by the bandwidth command on the interface. 

3. A QoS policy is applied to an interface. 

4. Across connect is created that includes an interface with a QoS policy. 

5. The interface queuing method is changed to fair-queue to use weighted fair queuing (WFQ). 
6. The interface operational status changes. 

7. The interface bandwidth changes for other reasons (e.g., when ADSL finishes training). 


In order to prevent the map from being disabled in cases of temporary inadequate bandwidth (e.g., a single 
link goes down in a dual T1 multilink configuration where the map requests more than one T1's worth of 
bandwidth), the QoS map uses the maximum theoretical bandwidth on an interface, not the actual 
bandwidth at that time. This actually helps QoS keep higher priority class-based traffic working better than 
best-effort traffic when the bandwidth drops. 
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Usage Examples 





The following example applies the QOS map VOICEMAP to the Frame Relay interface: 


(config)#interface frame-relay 1 
(config-fr 1)#qos-policy out VOICEMAP 
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snmp trap 


Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) 
traps on the interface. Use the no form of this command to disable this trap. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps 
enabled. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include port channel and VLAN interfaces. 

Release 8.1 Command was expanded to the ATM interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example enables SNMP on the virtual Frame Relay interface: 


(config)#interface frame-relay 1 
(config-fr 1)#snmp trap 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable object identifier (OID) is enabled for all interfaces except virtual 
Frame Relay interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the Frame Relay interface: 


(config)#interface frame-relay 1 
(config-fr 1)#no snmp trap link-status 
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FRAME RELAY SUBINTERFACE CONFIG COMMAND SET 


To create a virtual Frame Relay subinterface and activate the Frame Relay Subinterface Configuration 
mode, enter the interface frame-relay command (and specify a subinterface) at the Global Configuration 
mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface frame-relay 1.16 
(config-fr 1.16)# 


By default, Frame Relay subinterfaces are created as point-to-point links. This default setting cannot be 
altered. The following command creates the exact same interface as that mentioned above: 


>enable 

#configure terminal 

(config)#interface frame-relay 1.16 point-to-point 
(config-fr 1.16)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1531 
bandwidth <value> on page 1532 
bridge-group <number> on page 1533 
bridge-group <number> vlan-transparent on page 1534 
crypto map <name> on page 1535 
dial-backup commands begin on page 1537 
dynamic-dns on page 1554 

frame-relay commands begin on page 1556 
ip commands begin on page 1560 

lldp receive on page 1598 

lldp send on page 1599 
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media-gateway ip on page 1601 
mtu <size> on page 1602 
rtp quality-monitoring on page 1603 


spanning-tree commands begin on page 1604 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 

Release 6.1 Command was expanded to include VLAN interfaces. 

Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





To assign an access policy to an interface, enter the interface configuration mode for the desired interface 
and enter access-policy <policy name>. 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
the Frame Relay subinterface 1.16: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with the Frame Relay subinterface 1.16: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#access-policy Private 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 
<value> Specifies bandwidth in kbps. Range is 1 to 4,294,967,295 kbps. 


Default Values 





To view the default values, use the show interfaces command. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of the Frame Relay interface to 10 Mbps: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#bandwidth 10000 
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bridge-group <number> 
Use the bridge-group command to assign an interface to the specified bridge group. This command is 


supported on all Ethernet interfaces, Point-to-Point Protocol (PPP) virtual interfaces, and Frame Relay 
virtual subinterfaces. Use the no form of this command to remove the interface from the bridge group. 


Syntax Description 





<number> Specifies the bridge group number. Range is 1 to 255. 


Default Values 





By default, there are no configured bridge groups. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





A bridged network can provide excellent traffic management to reduce collisions and limit the amount of 
bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can 
be bridged (Ethernet to T1 bridge, Ethernet to Frame Relay subinterface). 


Usage Examples 





The following example assigns the Frame Relay subinterface labeled 1.16 to bridge group 1: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#bridge-group 1 
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bridge-group <number> vian-transparent 


Use the bridge-group vlan-transparent command to prevent an interface from removing the VLAN tag. 
Use the no form of this command to allow the interface to remove the VLAN tag from the packet. 





Wor The bridge-group vlan-transparent command is not a global command. The command 


must be applied on all interfaces of the bridge group. 





Syntax Description 





<number> Specifies the bridge group number. Valid range is 1 to 255. 


Default Values 


By default, VLAN tags are removed from the data. 


Command History 





Release 12.1 Command was introduced. 


Release 14.1 Command was expanded to include the high level data link control (HDLC) 
interface and Frame Relay subinterface. 


Usage Examples 





The following example removes the VLAN tags from the packets on the Frame Relay subinterface labeled 
1.16: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#bridge-group 1 vlan-transparent 
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crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps that 
share the same name, but have different map index numbers. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Specifies the crypto map name that you wish to assign to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





When configuring a system to use both the stateful inspection firewall and Internet key exchange (IKE) 
negotiation for virtual private network (VPN), keep the following notes in mind. 


When defining the policy class and associated access control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted), it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local side, 
unencrypted source of the data. The destination information will be the far end, unencrypted destination of 
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy 
class is the far end. The destination information is the local side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to the Frame Relay interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#crypto map MyMap 
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dial-backup auto-backup 


Use the dial-backup auto-backup command to configure the interface to automatically attempt a dial 
backup upon failure. Use the no form of this command to disable this feature. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
dial-backup call-mode on page 1540. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically attempt dial backup upon a failure. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables automatic dial backup on the endpoint: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup auto-backup 
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dial-backup auto-restore 


Use the dial-backup auto-restore command to configure the interface to automatically discontinue 
dial-backup when all network conditions are operational. Use the no form of this command to disable the 
auto-restore feature. For more detailed information on dial-backup functionality, refer to the Functional 
Notes and Technology Review sections of dial-backup call-mode on page 1540. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically restore the primary connection when the failure 
condition clears. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 


The following example configures AOS to automatically restore the primary connection when the failure 
condition clears: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup auto-restore 
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dial-backup backup-delay <value> 


Use the dial-backup backup-delay command to configure the amount of time the router will wait after the 
failure condition is recognized before attempting to backup the link. Use the no form of this command to 
return to the default value. For more detailed information on dial-backup functionality, refer to the 
Functional Notes and Technology Review sections of dial-backup call-mode on page 1540. 


Syntax Description 





<value> Specifies the delay period (in seconds) a failure must be active before AOS 
will enter backup operation on the interface. Range is 10 to 
86,400 seconds. 


Default Values 





By default, the dial-backup backup-delay period is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures AOS to wait 60 seconds (on an endpoint with an active alarm condition) 
before attempting dial-backup operation: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup backup-delay 60 
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dial-backup call-mode 


Use the dial-backup call-mode command to specify whether the configured backup interface answers or 
originates (or a combination of both) backup calls. Use the no form of this command to return to the 
default value. Variations of this command include: 


dial-backup call-mode answer 

dial-backup call-mode answer-always 
dial-backup call-mode originate 

dial-backup call-mode originate-answer 
dial-backup call-mode originate-answer-always 


Syntax Description 





answer Answers and backs up primary link on failure. 
answer-always Answers and backs up regardless of primary link state. 
originate Originates backup call on primary link failure. 
originate-answer Originates or answers call on primary link failure. 


originate-answer-always Originates on failure; answers and backs up always. 


Default Values 





By default, the dial-backup call-mode is set to originate-answer. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The majority of the configuration for AOS dial-backup implementation is configured via the dial-backup 
PPP interface configuration commands. However, the numbers dialed are configured in the primary 
interface. Full sample configurations follow: 


Sample configuration for remote router (dialing out) 


hostname “Remote3200” 
enable password adtran 
| 

interface eth 0/1 

ip address 192.168.1.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 

interface t1 1/1 

coding b8zs 
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framing esf 

clock source line 

tdm-group 1 timeslots 1-24 

no shutdown 

| 

interface fr 1 point-to-point 

frame-relay Imi-type ansi 

no shutdown 

cross-connect 1 t1 1/1 1 fr 1 

l 

interface fr 1.16 point-to-point 

frame-relay interface-dlci 16 

ip address 10.1.1.2 255.255.255.252 

dial-backup call-mode originate 

dial-backup number 5551111 analog ppp1 

dial-backup number 5552222 analog ppp1 
no shutdown 

| 


interface ppp 1 

ip address 172.22.56.1 255.255.255.252 

ppp authentication chap 

username remoterouter password remotepass 
ppp chap hostname localrouter 

ppp chap password adtran 

no shutdown 

| 

ip route 192.168.2.0 255.255.255.0 172.22.56.2 255.255.255.252 
| 

line telnet 0 4 

password password 


Sample configuration for central router (dialing in) 


hostname “Central3200” 
enable password adtran 
| 

interface eth 0/1 

ip address 192.168.100.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 

interface t1 1/1 

coding b8zs 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


1541 


Command Reference Guide 


Frame Relay Subinterface Config Command Set 





framing esf 

clock source line 

tdm-group 1 timeslots 1-24 

no shutdown 

| 

interface fr 1 point-to-point 
frame-relay Imi-type ansi 

no shutdown 

cross-connect 1 t1 1/1 1 fr 1 

l 

interface fr 1.100 point-to-point 
frame-relay interface-dici 100 

ip address 10.1.1.1 255.255.255.252 
dial-backup call-mode answer 
dial-backup number 555-8888 analog ppp 1 
| 

interface ppp 1 

ip address 172.22.56.2 255.255.255.252 
ppp authentication chap 

username localrouter password adtran 
ppp chap hostname remoterouter 

ppp chap password remotepass 

no shutdown 

| 


ip route 192.168.1.0 255.255.255.0 172.22.56.1 255.255.255.252 


line telnet 0 4 
password password 


Usage Examples 


The following example configures AOS to generate backup calls for this endpoint using an analog modem 
interface (to phone number 555 1111), but never answer calls and specifies ppp 1 as the backup interface: 


(config)#interface frame-relay 1.16 


(config-fr 1.16)#dial-backup call-mode originate 


(config-fr 1.16)#dial-backup number 555 1111 analog ppp 1 
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Technology Review 





This technology review provides information regarding specific dial-backup router behavior (i.e., when the 
router will perform dial backup, where in the configuration AOS accesses specific routing information, etc.): 


Dialing Out 
1. AOS determines to place an outbound call when either the Layer 1 or Layer 2 has a failure. 


2. When placing outbound calls, AOS matches the number dialed to a PPP interface. This is accomplished 
with an addition to the dial-backup number command (refer to dial-backup number <number> on page 
1547). 


3. When placing the call, AOS uses the configuration of the related PPP interface for authentication and IP 
negotiation. 


4. If the call fails to connect on the first number dialed, AOS places a call to the second number (if a 
second number is configured). The second number to be dialed references a separate PPP interface. 


Dialing In 
1. AOS receives an inbound call on a physical interface. 
2. Caller ID is used to match the dial-backup number command to the configured PPP interface. 


3. If a match is found, the call connects and AOS pulls down the primary connection if it is not already ina 
down state. 


4. If no match is found from caller ID, the call is terminated. 
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dial-backup connect-timeout <va/ue> 


Use the dial-backup connect-timeout command to specify the number of seconds to wait for a connection 
after a call is attempted before trying to call again or dialing a different number. It is recommended this 
number be greater than 60. Use the no form of this command to return to the default setting. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of dial-backup call-mode on page 1540. 


Syntax Description 





<value> Selects the amount of time (in seconds) that the router will wait for a 
connection before attempting another call. Valid range is 10 to 300 seconds. 


Default Values 





By default, the dial-backup connect-timeout period is set to 60 seconds. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures AOS to wait 120 seconds before retrying a failed dial-backup call: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup connect-timeout 120 
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dial-backup force 


Use the dial-backup force command to manually override the automatic dial-backup feature. This can be 
used to force a link into backup to allow maintenance to be performed on the primary link without 
disrupting data. Use the no form of this command to return to the normal dial-backup operation state. For 
more detailed information on dial-backup functionality, refer to the Functional Notes and Technology 
Review sections of dial-backup call-mode on page 1540. Variations of this command include: 


dial-backup force backup 
dial-backup force primary 


Syntax Description 





backup Force backup regardless of primary link state. 
primary Force primary link regardless of its state. 


Default Values 


By default, this feature is disabled. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures AOS to force this interface into dial backup: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup force backup 
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dial-backup maximum-retry <value> 


Use the dial-backup maximum-retry command to select the number of calls the router will make when 
attempting to backup a link. Use the no form of this command to return to the default state. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of dial-backup call-mode on page 1540. 


Syntax Description 





<value> Selects the number of call retries that will be made after a link failure. Valid 
range is 0 to 15 attempts. 


Setting this value to 0 will allow unlimited retries during the time the network 
is failed. 


Default Values 





By default, dial-backup maximum-retry is set to 0 attempts. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures AOS to retry a dial-backup call four times before considering backup 
operation not available: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup maximum-retry 4 
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dial-backup number <number> 


Use the dial-backup number command to configure the phone number and the call type the router will 
dial upon network failure. Multiple entries can be made for an interface to allow alternate sites to be dialed. 
Use the no form of this command to disable this feature. For more detailed information on dial-backup 
functionality, refer to the Functional Notes and Technology Review sections of the command dial-backup 
call-mode on page 1540.Variations of this command include: 


dial-backup number <number> analog ppp <interface> 
dial-backup number <number> cellular ppp </nterface> 
dial-backup number <number> digital-56k <isdn min chan> <isdn max chan> ppp <interface> 
dial-backup number <number> digital-64k <isdn min chan> <isdn max chan> ppp <interface> 


Syntax Description 





<number> Specifies the phone numbers to call when the backup is initiated. 

analog Indicates the number connects to an analog modem. 

cellular Indicates the number connects to a cellular modem. 

digital-56k Indicates the number belongs to a digital 56 kbps per DSO connection. 

digital-64k Indicates the number belongs to a digital 64 kbps per DSO connection. 

<isdn min chan> Specifies the minimum number of DSOs required for a digital 56 or 64 kbps 
connection. Range is 1 to 24 DSOs. 

<isdn max chan> Specifies the maximum number of DSOs desired for a digital 56 or 64 kbps 
connection. Range is 1 to 24 DSOs. 

ppp <interface> Specifies the PPP interface to use as the backup for this interface (for example, 
ppp 1). 


Default Values 





By default, there are no configured dial-backup numbers. 


Command History 





Release 1.1 Command was introduced. 
Release 17.2 Command was expanded to include cellular connections. 


Usage Examples 





The following example configures AOS to dial 704-555-1212 (digital 64 kbps connection) to initiate 
dial-backup operation for this endpoint using the configured ppp 1 backup interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup number 7045551212 digital-64k 1 1 ppp 1 
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dial-backup priority <va/ue> 


Use the dial-backup priority command to select the backup priority for this interface. This command 
allows the user to establish the highest priority backup link and ensure that link will override backups 
attempted by lower priority links. Use the no form of this command to return to the default value. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of dial-backup call-mode on page 1540. 


Syntax Description 





<value> Sets the relative priority of this link. Valid range is 0 to 100. A value of 100 
designates the highest priority. 


Default Values 





By default, dial-backup priority is set to 50. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example assigns the highest priority to this endpoint: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup priority 100 
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dial-backup randomize-timers 


Use the dial-backup randomize-timers command to randomize the call timers to minimize potential 
contention for resources. Use the no form of this command to return to the default value. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
dial-backup call-mode on page 1540. 


Syntax Description 





No subcommanas. 


Default Values 





By default, AOS does not randomize the dial-backup call timers. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures AOS to randomize the dial-backup timers associated with this endpoint: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup randomize-timers 
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dial-backup redial-delay <value> 


Use the dial-backup redial-delay command to configure the delay after an unsuccessful call until the call 
will be re-tried. Use the no form of this command to return to the default setting. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
dial-backup call-mode on page 1540. 


Syntax Description 





<value> Specifies the delay in seconds between attempting to re-dial a failed backup 
attempt. Range is 10 to 3600 seconds. 


Default Values 





By default, dial-backup redial-delay is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 


The following example configures a redial delay of 25 seconds on this endpoint: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup redial-delay 25 
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dial-backup restore-delay <va/ue> 


Use the dial-backup restore-delay command to configure the amount of time the router will wait after the 
network is restored before disconnecting the backup link and reverting to the primary. This setting is used 
to prevent disconnecting the backup link if the primary link is bouncing in and out of alarm. Use the no 
form of this command to return to the default setting. For more detailed information on dial-backup 
functionality, refer to the Functional Notes and Technology Review sections of dial-backup call-mode on 
page 1540. 


Syntax Description 





<value> Specifies the number of seconds AOS will wait (after a primary link is 
restored) before disconnecting dial-backup operation. Range is 10 to 
86,400 seconds. 


Default Values 





By default, dial-backup restore-delay is set to 10 seconds. 


Command History 


Release 1.1 Command was introduced. 


Usage Examples 





The following example configures AOS to wait 30 seconds before disconnecting dial-backup operation and 
restoring the primary connection for this endpoint: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup restore-delay 30 
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dial-backup schedule 


Use the dial-backup schedule command to set the time of day that backup will be enabled. Use this 
command if backup is desired only during normal business hours and on specific days of the week. Use the 
no form of this command to disable dial backup (as specified). For more detailed information on 
dial-backup functionality, refer to the Functional Notes and Technology Review sections of dial-backup 
call-mode on page 1540. Variations of this command include: 


dial-backup schedule day <name> 
dial-backup schedule enable-time <value> 
dial-backup schedule disable-time <va/ue> 


Syntax Description 


day <name> Sets the days to allow backup. Valid range is Monday through Sunday. 

enable-time <va/ue> Sets the time of day to enable backup. Time is entered in a 24-hour format 
(00:00). 

disable-time <value> Sets the time of day to disable backup. Time is entered in a 24-hour format 
(00:00). 


Default Values 





By default, dial backup is enabled for all days and times if the dial-backup auto-backup command has 
been issued and the dial-backup schedule has not been entered. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example enables dial backup Monday through Friday 8:00 a.m. to 7:00 p.m.: 


(config)#interface frame-relay 1.16 

(config-fr 1.16)#dial-backup schedule enable-time 08:00 
(config-fr 1.16)#dial-backup schedule disable-time 19:00 
(config-fr 1.16)#no dial-backup schedule day Saturday 
(config-fr 1.16)#no dial-backup schedule day Sunday 
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dial-backup shutdown 


Use the dial-backup shutdown command to deactivate all dial-backup functionality in the unit. 
Dial-backup configuration parameters are kept intact, but the unit will not initiate (or respond) to 
dial-backup sequences in the event of a network outage. Use the no form of this command to reactivate the 
dial-backup interface. For more detailed information on dial-backup functionality, refer to the Functional 
Notes and Technology Review sections of dial-backup call-mode on page 1540. 


Syntax Description 





No subcommanads. 


Default Values 





By default, all AOS interfaces are disabled. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 
The following example deactivates the configured dial-backup interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dial-backup shutdown 
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dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the host name for the server that updates the dynamic domain 
name server (DNS). 


<minutes> Specifies the intervals in minutes to update the server with information 
(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case sensitive). 


<password> Specifies a password using an alphanumerical string up to 30 characters in 
length (the password is case sensitive). 


Refer to Functional Notes below for additional argument descriptions. 


Default Values 


No default value is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 
Release 15.1 Command was expanded to include bridged virtual interfaces (BVIs). 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNSSM service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
you to manage IP address mappings (A records), domain aliases (CNAME records), and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services, Inc. (DynDNS.org) allows you to 
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more 
easily accessed from various locations on the Internet. This service is provided for up to five host names. 
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dyndns-custom - DynDNS.org's Custom DNSSM service provides a full DNS solution, giving you 
complete control over an entire domain name. A Web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 


A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for most common configurations and allows for easy creation of most common record types. 
The advanced interface is designed for system administrators with a solid DNS background, and provides 
layout and functionality similar to a BIND zone file allowing for the creation of nearly any record type. 


Custom DNSS™ can be used with both static and dynamic IPs, and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSS™ service in that it 
allows a host name, such as yourname.dyndns.org, to point to your IP address. Unlike a Dynamic DNS 
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to 
propagate through the DNS system. This service is provided for up to five host names. 


If your IP address does not change often or at all, but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
that also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the Dynamic DNS to dyndns-custom with host name host, user name user, 
and password pass: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#dynamic-dns dyndns-custom host user pass 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1555 


Command Reference Guide Frame Relay Subinterface Config Command Set 





frame-relay bc <value> 


Use the frame-relay be command to set the b, (committed burst) value for a Frame Relay sublink. The 
value is in bits. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the committed burst value (in bits) for the sublink. 


Default Values 





By default, the committed burst value is set to 0 (no limit). 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





The time interval is always one second, so this can also be considered bits per second. Shaping is 
performed on a sliding one-second window to make maximum use of configured bandwidth. Note that 
when both be and be are non-zero, shaping is performed on the virtual circuit. The circuit is limited to the 


sum of bg and be , and it is recommended that the sum always be greater than 8000. 


Usage Examples 





The following example configures the Frame Relay sublink with a committed burst value of 128,000 bits: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#frame-relay bc 128000 
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frame-relay be <value> 


Use the frame-relay be command to set the b, (excessive burst) value for a Frame Relay sublink. The 
value is in bits. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the excessive burst value (in bits) for the sublink. 


Default Values 





By default, the excessive burst value is set to 0 (no limit). 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





The time interval is always one second, so this can also be considered bits per second. Shaping is 
performed on a sliding one-second window to make maximum use of configured bandwidth. Note that 
when both bz and be are nonzero, shaping is performed on the virtual circuit. The circuit is limited to the 


sum of bg and be, and it is recommended that the sum always be greater than 8000. 


Usage Examples 





The following example configures the Frame Relay sublink with an excessive burst value of 64,000 bits: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#frame-relay be 64000 
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frame-relay fragment <va/ue> 


Use the frame-relay fragment command to set the FRF.12 fragmentation threshold. Use the no form of 
this command to erase the configured threshold. 


Syntax Description 


<value> Specifies the fragmentation threshold. Valid fragmentation thresholds are 
greater than or equal to 64 and less than or equal to 1600. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





For Frame Relay fragmentation to take effect, rate-limiting must be enabled by setting the committed burst 
rate and excessive burst rate. Refer to frame-relay bc <value> on page 1556 and frame-relay be <value> 
on page 1557 for more information. 


Usage Examples 





The following example enables FRF.12 fragmentation on a sublink: 


config)#interface frame-relay 1.16 

config-fr 1.16)#frame-relay bc 64000 

config-fr 1.16)#frame-relay be 16 

config-fr 1.16)#frame-relay fragmentation 100 


aN aN 


The following example disables FRF.12 fragmentation on a sublink: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#no frame-relay fragment 
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frame-relay interface-dlci <va/ue> 
Use the frame-relay interface-dlci command to configure the data link connection identifier (DLCI) for 


the Frame Relay subinterface. This setting should match the DLCI supplied by your Frame Relay service 
provider. Use the no form of this command to remove the configured DLCI. 


Syntax Description 





<value> Specifies numeric value of the DLCI supplied by your provider. 


Default Values 





By default, the DLCI is populated with the subinterface identifier. For example, if configuring the virtual 
Frame Relay subinterface labeled fr 1.20, the default DLCI is 20. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example configures a DLCI of 72 for this Frame Relay endpoint: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#frame-relay interface-dlci 72 
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ip access-group <name> 


Use the ip access-group command to create an access control list (ACL) to be used for packets transmitted 
on or received from the specified interface. Use the no form of this command to disable this type of 
control. Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Specifies the IP ACL name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 
The following example sets up the router to only allow Telnet traffic into the Frame Relay subinterface: 


(config)#interface frame-relay 1.16 

(config)#ip access-list extended TelnetOnly 
(config-ext-nacl)#permit tcp any any eq telnet 
(config-ext-nacl)#int frame-relay 1.16 

(config-fr 1.16)#ip access-group TelnetOnly in 
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ip address dhcp 


Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an 
address on the interface. Use the no form of this command to remove a configured IP address (using 
DHCP) and disable DHCP operation on the interface. Variables that may be used with this command to 
further define the DHCP configuration include: 


ip address dhcp client-id [<interface> | <identifier>] [hostname <‘string’>] [track <name>] 
[<administrative distance>] 

ip address dhcp hostname <‘“string’> [no-default-route | no-domain-name | no-nameservers] 
[track <name>] [<administrative distance>] 

ip address dhcp [no-default-route | no-domain-name | no-nameservers] [track <name>] 
[<administrative distance>] 

ip address dhcp track <name> [<administrative distance>] 


Syntax Description 





<administrative distance> Optional. Specifies the administrative distance to use when adding the 
DHCP gateway into the route table. It is used to determine the best route 
when multiple routes to the same destination exist. The smaller the 
administrative distance, the more reliable the route. Range is 1 to 255. 


client-id Optional. Specifies the client identifier used when obtaining an IP address 
from a DHCP server. 


<interface> Specifies an interface, thus defining the client identifier as the hexadecimal 
MAC address of the specified interface (including a hexadecimal number 
added to the front of the MAC address to identify the media type). 


For example, specifying the client-id ethernet 0/1 (where the Ethernet 
interface has a MAC address of d217.0491.1150) defines the client 
identifier as 01:d2:17:04:91:11:50 (where 01 defines the media type as 
Ethernet). Refer to hardware-address on page 2550 for a detailed listing of 
media types. 

<identifier> Specifies a custom client-identifier using a text string (that is converted to a 
hexadecimal equivalent) or 7 to 28 hexadecimal numbers (with colon 
delimiters). 
For example, a custom client identifier of Of:ff:ff:ff:ff:51:04:99:a1 may be 
entered using the <identifier> option. 

hostname <‘“string’> Optional. Specifies a text string (to override the global router name) to use 
as the name in the DHCP option 12 field. The string is enclosed in quotation 
marks and can consist of up to 35 characters. 


no-default-route Optional. Specifies that no default route is obtained via DHCP. 
no-domain-name Optional. Specifies that no domain name is obtained via DHCP. 
no-nameservers Optional. Specifies that no DNS servers are obtained via DHCP. 

track <name> Optional. Attaches a network monitoring track to the DHCP client. The 


DHCP gateway route for this client will only reside in the route table while 
the track is in the pass state. For more information on configuring track 
objects, refer to track <name> on page 947. 
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Default Values 





<administrative distance> 
client-id 


hostname <‘“string’> 


Command History 


Release 2.1 
Release 8.1 
Release 13.1 


By default, the administrative distance value is 1. 

Optional. By default, the client identifier is populated using the following 
formula: 

TYPE: INTERFACE SPECIFIC INFO : MAC ADDRESS 

Where TYPE specifies the media type in the form of one hexadecimal byte 
(refer to hardware-address on page 2550 for a detailed listing of media 
types), and the MAC ADDRESS is the media access control (MAC) address 
assigned to the first Ethernet interface in the unit in the form of six 
hexadecimal bytes. (For units with a single Ethernet interface, the MAC 
ADDRESS assigned to Ethernet 0/1 is used in this field). 

INTERFACE SPECIFIC INFO is only used for Frame Relay interfaces and 
can be determined using the following: 

FR_PORT#: Q.922 ADDRESS 

Where the FR_PORT# specifies the label assigned to the virtual Frame 
Relay interface using four hexadecimal bytes. For example, a virtual Frame 
Relay interface labeled 1 would have a FR_PORT# of 00:00:00:01. 

The Q.922 ADDRESS field is populated using the following: 


8 7 6 5 4 3 a il 





DLCI (high order) C/R| EA 

















DLCI (lower) [FECN BECN DE | EA 





Where the FECN, BECN, C/R, DE, and high order extended address (EA) 
bits are assumed to be 0 and the lower order EA bit is set to 1. 


The following list provides a few example DLCls and associated Q.922 
address: 
DLCI (decimal) / Q.922 address (hex) 

16 / 0x0401 

50 / 0x0C21 

60 / Ox0CC1 

70 / 0x1061 

80 / 0x1401 


By default, the host name is the name configured using the Global 
Configuration hostname command. 


Command was introduced. 
Command was expanded to include ATM subinterface. 
Command was expanded to include track and administrative distance. 
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Functional Notes 





DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on 
the network. Many Internet Service Providers (ISPs) require the use of DHCP when connecting to their 
services. Using DHCP reduces the number of dedicated IP addresses the ISP must obtain. Consult your 
ISP to determine the proper values for the client-id and hostname fields. 


Usage Examples 





The following example enables DHCP operation on the virtual Frame Relay interface (labeled 1.16): 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip address dhcp 


The following example enables DHCP operation on the virtual Frame Relay interface (labeled 1.16) 
utilizing host name adtran and does not allow obtaining a default route, domain name, or nameservers. It 
also sets the administrative distance as 5: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip address dhcp hostname “adtran” no-default-route no-domain-name 
no-nameservers 5 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the optional 
secondary keyword to define a secondary IP address. Use the no form of this command to remove a 
configured IP address. Variations of this command include: 


ip address <ip address> <subnet mask> 
ip address <ip address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 


By default, there are no assigned IP addresses. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use secondary IP addresses to allow dual subnets on a single interface (when you need more IP 
addresses than the primary subnet can provide). When using secondary IP addresses, avoid routing loops 
by verifying that all devices on the network segment are configured with secondary IP addresses on the 
secondary subnet. 


Usage Examples 
The following example configures a secondary IP address of 192.22.72.101 255.255.255.252: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip address 192.22.72.101 255.255.255.252 secondary 
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ip dhcp 


Use the ip dhcp command to release or renew the Dynamic Host Configuration Protocol (DHCP) IP 
address. This command is only applicable when using DHCP for IP address assignment. Variations of this 
command include: 


ip dhcp release 
ip dhcp renew 


Syntax Description 





release Releases DHCP IP address. 
renew Renews DHCP IP address. 


Default Values 





No default values are required for this command. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example releases the IP DHCP address for the virtual interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip dhcp release 
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ip directed-broadcast 


Use the ip directed-broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this feature. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list (ACL) name. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an ACL with this 
command. In this case, only directed broadcasts that are permitted by the specified ACL will be forwarded, 
and all other directed broadcasts directed to this interface subnet will be dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC 1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC 2644), with the intended goal of reducing the efficacy of certain types of denial of 
service (DoS) attacks. 
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Usage Examples 





The following example enables forwarding of directed broadcasts on the interface frame-relay 1.16: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip directed-broadcast 
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ip ffe 


Use the ip ffe command to enable the RapidRoute Engine (formerly FFE) on this interface with the default 
number of entries. Use the no form of this command to disable the FFE. Variations of this command 
include: 


ip ffe max-entries <entries> 





‘ore Issuing this command will cause all FFE entries on this interface to be cleared. 





Syntax Description 





max-entries <entries> Specifies the maximum number of entries stored in the flow table. Valid 
range is from 1 to 8192. 


Default Values 





By default, the FFE is disabled. The default number of max-entries is 4096. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





The FFE can be used to help reduce routing overhead, and thus reduce overall routing times. Routing 
times are reduced by the creation of a flow table on the ingress interface. The maximum number of entries 
that can be stored in the flow table at any one time may be specified by using the max-entries 
subcommand. When features such as firewall, VPN, and static filters are enabled, routing time reduction 
may not be realized. 


Usage Examples 





The following example enables the FFE and sets the maximum number of entries in the flow table to 50: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip ffe max-entries 50 
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Technology Review 





The RapidRoute system goal is to increase IP packet throughput by moving as much of the packet 
processing into the engine as possible. Packets are classified into flows based upon the IP protocol (TCP, 
UDP, ICMP, etc.), the source and destination IP addresses, IP TOS, and the protocol-specific information, 
such as the source and destination port numbers. Flows are defined as the unidirectional representation of 
a conversation between two IP hosts. Each ingress interface keeps its own flow table, a collection of flow 
entries. 


The first packet in a flow that is forwarded through the unit will build a flow entry. When a flow entry is 
looked up, but no entry is found, a RapidRouteBuilder object is allocated and attached to the packet. As 
the packet passes through the various processing layers, each subsystem will add processing to the 
RapidRouteBuilder. When the packet is about to be forwarded out of the egress interface, the 
RapidRouteBuilder will be finalized. That is, the flow entry being built will be checked for completeness and 
committed to the flow table on the ingress interface. Subsequent flow matches can then bypass the normal 
processing layers. 
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ip flow 


Use the ip flow command to enable integrated traffic monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of this command to disable traffic monitoring. Variations of 
this command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Default Values 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables traffic monitoring on a Frame Relay interface to monitor incoming traffic 
through an ACL called myacl: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip flow ingress myacl 
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ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





The ip helper command must be used in conjunction with the ip forward-protocol 
‘ore command to configure AOS to forward UDP broadcast packets. Refer to ip 
forward-protocol udp <value> on page 724 for more information. 





Syntax Description 





<ijp address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign a helper-address(es) (Specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 
1. The packet IP protocol is UDP. 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 


4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248 /30 subnet). 
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Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


config)#interface frame-relay 1.16 

config)#ip forward-protocol udp domain 
config)#interface frame-relay 1.16 

config-fr 1.16)#ip helper-address 192.33.5.99 
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ip igmp 
Use the ip igmp command to configure multicasting-related functions for the interface. Variations of this 
command include: 


ip igmp immediate-leave 

ip igmp last-member-query-interval <milliseconds> 
ip igmp querier-timeout <seconds> 

ip igmp query-interval <seconds> 

ip igmp query-max-response-time <seconds> 

ip igmp static-group <address> 

ip igmp version [1 | 2] 


Syntax Description 


immediate-leave Specifies that if only one host (or Internet Group Management Protocol 
(IGMP) snooping switch) is connected to the interface, when a leave is 
received, multicast of that group is immediately terminated as opposed 
to sending a group query and timing out the group if no device responds. 
Works in conjunction with ip igmp last-member-query-interval. 
Applies to all groups when configured. Use the no form of this command 
to disable the immediate-leave feature. 


last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group 

<milliseconds> receivers remain on an interface after a receiver leaves a group. If a 
receiver sends a leave-group message (IGMP Version 2), the router 
sends a group-specific query on that interface. After twice the time 
specified by this command plus as much as one second longer, if no 
receiver responds, the router removes that interface from the group and 
stops sending that group's multicast packets to the interface. Range is 
100 to 65,535 ms. Use the no form of this command to return to the 
default setting. 


querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current 
querier’s last query before it takes over as querier (IGMP V2). Range is 
60 to 300 seconds. Use the no form of this command to return to the 
default setting. 


query-interval Specifies the interval (in seconds) at which IGMP queries are sent on an 

<seconds> interface. Host query messages are addressed to the all-hosts multicast 
group with an IP TTL of 1. The router uses queries to detect whether 
multicast group members are on the interface and to select an IGMP 
designated router for the attached segment (if more than one multicast 
router exists). Only the designated router for the segment sends queries. 
For IGMP V2, the designated router is the router with the lowest IP 
address on the segment. Range is 0 to 65,535 seconds. Use the no 
form of this command to return to the default setting. 


query-max-response-time Specifies the maximum response time (in seconds) advertised by this 

<seconds> interface in queries when using IGMP V2. Hosts are allowed a random 
time within this period to respond, reducing response bursts. Use the no 
form of this command to return to the default setting. 
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Syntax Description 


static-group <address> Configures the router's interface to be a statically connected member of 
the specified group. Packets received on the correct RPF interface are 
forwarded to this interface regardless of whether any receivers have 
joined the specified group using IGMP. Use the no form of this command 
to remove a configured static group. 


version [1 | 2] Sets the interface’s IGMP version. Use the no form of this command to 
return to the default setting. 





Default Values 





ip igmp immediate-leave No default 

ip igmp last-member-query-interval 1000 milliseconds 

ip igmp querier-timeout 2x the query-interval value 
ip igmp query-interval 60 seconds 

ip igmp query-max-response-time 10 seconds 

ip igmp static-group No default 

ip igmp version Version 1 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example sets the query message interval on the interface to 200 milliseconds: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip igmp last-member-query-interval 200 
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ip mcast-stub downstream 
Use the ip mcast-stub downstream command to enable multicast forwarding and Internet Group 


Management Protocol (IGMP) (router mode) on an interface and place it in multicast stub downstream 
mode. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments 
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces 
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces 
configured as downstream should have the lowest IP address of all IGMP-capable routers on the 
connected segment in order to be selected as the designated router and ensure proper forwarding. Refer 
to jp mcast-stub helper-address <ip address> on page 741 for more information. 


Usage Examples 





The following example enables multicast forwarding and IGMP on the interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip mcast-stub downstream 
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ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the ip igmp static-group <address> command (on page 1573) to receive multicast traffic without 
host-initiated Internet Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all 
host-initiated IGMP transactions will enter multicast routes on the router’s interface involved with IGMP 
activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip mcast-stub fixed 
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ip mcast-stub helper-enable 
Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the 


Internet Group Management Protocol (IGMP) proxy. Use the no form of this command to disable this 
feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 8.1 Command was introduced. 
Release 10.1 Command was expanded to include Frame Relay subinterfaces. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled, 
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and 
the interface becomes the active upstream interface, enabling the unit to perform as an IGMP proxy. Refer 
to jp mcast-stub helper-address <ip address> on page 741, ip mcast-stub downstream on page 1575, and 
jp mcast-stub upstream on page 1578 for more information. 


Usage Examples 





The following example sets the helper address as the IGMP proxy: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip mcast-stub helper-enable 
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ip mcast-stub upstream 


Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in 
multicast stub upstream mode. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a 
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the 
router's unicast route table, the Internet Group Management Protocol (IGMP) host function is dynamically 
enabled and the interface becomes the active upstream interface, enabling the router to perform as an 
IGMP proxy. Though multiple interfaces may be candidates, no more than one interface will actively serve 
as the helper forwarding interface. Refer to jo mcast-stub helper-address <ip address> on page 741 and ip 
mcast-stub downstream on page 1575 for more information. 


Usage Examples 





The following example enables multicast forwarding on the interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip mcast-stub upstream 
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ip ospf 


Use the ip ospf command to customize open shortest path first (OSPF) settings (if needed). Use the no 
form of these commands to return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


dead-interval <seconds> 
hello-interval <seconds> 
retransmit-interval <seconds> 
transmit-delay <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 
Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 

1 to 65,535. 

Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 

32,767 seconds. 

Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 32,767 seconds. 

Configures OSPF message digest 5 (MD5) authentication 
(16-byte max) keys. 

Sets the OSPF priority. The value set in this field helps 
determine the designated router for this network. Range is 

0 to 255. 

Specifies the interval (in seconds) between link state 
advertisements (LSAs). Range is 0 to 32,767 seconds. 

Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 32,767 seconds. 


40 seconds 

10 seconds: Ethernet, Frame Relay, Tunnel, and PPP 
5 seconds 

1 second 
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Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of seconds allowed between hello packets to 25,000: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip ospf dead-interval 25000 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing open shortest path 
first (OSPF) authentication. Use the no form of this command to return to the default setting. Variations of 
this command include: 


ip ospf authentication 
ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Selects message-digest authentication type. 
null Optional. Specifies that no authentication be used. 


Default Values 





By default, this is set to null (meaning no authentication is used). 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example specifies that no authentication will be used on the Frame Relay interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Sets the network type for broadcast. 
point-to-point Sets the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. Point-to-Point Protocol (PPP) and Frame Relay default to 
point-to-point. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





A point-to-point network will not elect designated routers. 


Usage Examples 


The following example designates a broadcast network type: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip ospf network broadcast 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1582 


Command Reference Guide Frame Relay Subinterface Config Command Set 





ip pim sparse-mode 


Use the ip pim sparse-mode command to enable protocol-independent multicast (PIM) sparse mode for 
this interface. Use the no form of this command to disable PIM sparse mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, PIM sparse mode for this interface is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





PIM sparse mode is a multicast routing protocol that makes use of the unicast forwarding table. It builds 
unidirectional shared trees rooted at a rendezvous point (RP) for a multicast group or a shortest-path tree 
rooted at a specific source for a multicast group. 


Usage Examples 





The following example enables PIM sparse mode on the interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip pim sparse-mode 
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ip pim-sparse dr-priority <va/ue> 
Use the ip pim-sparse dr-priority command to specify the priority for the designated router (DR). This 


command modifies the router’s priority in the DR election process. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Specifies the priority of this interface (to be used when determining the DR). 
Valid range is 1 to 4,294,967,295. 


Default Values 





By default, the priority of all PIM interfaces is 1. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Interfaces advertise their configured priority values in the hello messages transmitted on the interface. 
Routers use the priority values to determine the appropriate DR. The router on the network segment with 
the highest priority is selected as the DR. If a hello message is received on the interface from a router on 
the network segment and it does not contain a priority, the entire network segment defaults to DR selection 
based on IP addresses instead of priority. In this instance, the DR is selected as the router on the network 
segment that has the highest IP address. AOS will always include a priority in all transmitted hello 
messages. If no priority is specifically designated by the user, the priority is set as the default of 1. 


Usage Examples 





The following specifies a priority of 100 on the Frame Relay subinterface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip pim-sparse dr-priority 100 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1584 


Command Reference Guide Frame Relay Subinterface Config Command Set 





ip pim-sparse hello-timer <va/ue> 
Use the ip pim-sparse hello-timer command to specify protocol-independent multicast (PIM) sparse hello 


timer period. This is the time interval at which periodic hellos are sent out on all interfaces of a 
PIM-capable router. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the interval (in seconds) at which periodic hellos are sent out of 
the interface. Valid range is 10 to 3600 seconds. 


Default Values 





By default, the hellos are transmitted on PIM interfaces every 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Hello messages are used to inform neighbors of a router’s presence. Hello messages normally generate a 
small amount of traffic on an interface. Setting the hello-timer to a small interval increases the number of 
hellos sent (thus increasing the amount of traffic). Set the hello-timer to a reasonable value, taking into 
consideration the bandwidth available on the interface. 


Usage Examples 





The following example specifies hellos be sent on the Frame Relay subinterface every 3600 seconds: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip pim-sparse hello-timer 3600 
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ip pim-sparse nbr-timeout <va/ue> 
Use the ip pim-sparse nbr-timeout command to specify protocol-independent multicast (PIM) sparse 


neighbor timeout. This is the time interval after which a PIM-capable router will consider a neighbor not 
present. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the time interval in seconds after which a neighbor is considered 
not present. Valid range is 30 to 10,800 seconds. 


Default Values 





By default, the nbr-timeout is set to 105 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the nbr-timeout to 300 seconds: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip pim-sparse nbr-timeout 300 
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ip pim-sparse override-interval <va/ue> 
Use the ip pim-sparse override-interval command to specify the protocol-independent multicast (PIM) 


sparse join/prune override interval. This delay interval is the period after a join/prune that another router on 
the LAN may override a join/prune. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the delay time in milliseconds. Valid range is 0 to 
65,535 milliseconds. 


Default Values 





By default, the override interval is set to 2500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the override interval to 3000 milliseconds: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip pim-sparse override-interval 3000 
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ip pim-sparse propagation-delay <va/ue> 
Use the ip pim-sparse propagation-delay command to specify the expected propagation delay for 


join/prune messages. Set the propagation delay (in milliseconds) to estimate the amount of delay found in 
the local link. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the expected propagation delay in the local link in milliseconds. 
Valid range is 0 to 32,767 milliseconds. 


Default Values 





By default, the propagation delay is set to 500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the propagation delay to 300 milliseconds on the Frame Relay subinterface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip pim-sparse propagation-delay 300 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1588 


Command Reference Guide Frame Relay Subinterface Config Command Set 





ip policy route-map <name> 


Use the ip policy route-map command to assign a policy route map to this interface. Use the no form of 
this command to remove the route-map policy. 


Syntax Description 


<name> Specifies the name of the policy route map to assign to this interface. 


Default Values 





By default, no policy route map is assigned to this interface. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example assigns the policy route map policy1 to the interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip policy route-map policy1 
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ip proxy-arp 


Use the ip proxy-arp to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no 
form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field 
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy ARP is enabled, AOS will respond to all proxy ARP requests with its specified media access 
control (MAC) address and forward packets accordingly. 


Enabling proxy ARP on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following enables proxy ARP on the Frame Relay subinterface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip proxy-arp 
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ip rip receive version 


Use the ip rip receive version command to configure the Routing Information Protocol (RIP) version the 
unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Accepts only received RIP version 1 packets on the interface. 
2 Accepts only received RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use the ip rip receive version command to specify a RIP version that will override the version (in the 
Router RIP) configuration. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures a Frame Relay subinterface to accept only RIP version 2 packets: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the Routing Information Protocol (RIP) version the 
unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Transmits only RIP version 1 packets on the interface. 
2 Transmits only RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use the ip rip send version to specify a RIP version that will override the version (in the Router RIP) 
configuration. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures a Frame Relay subinterface to transmit only RIP version 2 packets: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip rip send version 2 
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ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip rip summary-address 10.10.123.0 255.255.255.0 
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ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


Wo Using network address translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP route 
cache is enabled for all virtual Point-to-Point Protocol (PPP) interfaces. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 


Fast switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast-cache switching on a Frame Relay subinterface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip route-cache 
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ip unnumbered </nterface> 
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP 


processing on the active interface. Use the no form of this command to remove the unnumbered 
configuration. 


Syntax Description 





<interface> Specifies the interface that contains the IP address to use as the source 

address for all packets transmitted on this interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
aT1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip unnumbered ? 
for a list of valid interfaces. 


Default Values 





By default, all interfaces are configured to use a specified IP address (using the ip address commana). 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command was expanded to include demand interfaces. 


Functional Notes 





If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address 
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the Frame 
Relay Subinterface Configuration mode configures the Frame Relay subinterface to use the IP address 
assigned to the Ethernet interface for all IP processing. In addition, AOS uses the specified interface 
information when sending route updates over the unnumbered interface. 


Usage Examples 





The following example configures the Frame Relay interface (labeled frame-relay 1.16) to use the IP 
address assigned to the Ethernet interface (eth 0/1): 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip unnumbered eth 0/1 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a universal resource locator (URL) filter to the interface for all 
inbound or outbound traffic. Use the no form of this command to remove the URL filter from an interface. 
Variations of this command include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <name> http command before applying it to the interface. Refer 
to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Example 





The following example performs URL filtering on all traffic entering through a Frame Relay subinterface 
and matches the URL filter named MyFilter: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip urlfilter MyFilter in 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VPN routing and forwarding 
(VRF) instance. Use the no form of this command to remove the interface from the named VRF instance 
and assign it to the unnamed default VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP-related 
uT settings on that interface. 
vA 


Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF that is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF, but multiple interfaces can be assigned to the same VRFF. 


An interface will only forward IP traffic that matches its associated VRF. 


VRF on AOS products allows a single physical router to be partitioned into multiple virtual routers. Each 
router instance has its own route table and interface assignments. Beginning with Release 16.1, all AOS 
routers supporting multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless 
of whether multi-VRF is configured. 


Usage Examples 


The following example assigns the frame-relay 1.16 interface to the VRF instance named RED: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#ip vrf forwarding RED 
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lldp receive 


Use the Ildp receive command to allow local loop demarcation point (LLDP) packets to be received on 
this interface. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces are configured to send and receive LLDP packets. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example configures the Frame Relay subinterface to receive LLDP packets: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#Ildp receive 
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lldp send 


Use the Ildp send command to configure this interface to transmit local loop demarcation point (LLDP) 
packets or to control the types of information contained in the LLDP packets transmitted by this interface. 
Use the no form of these commands to disable these features. Variations of this command include: 


lldp send 

lidp send management-address 
lldp send port-description 

lldp send system-capabilities 
lldp send system-description 
lldp send system-name 

lldp send-and-receive 


Syntax Description 





management-address Enables transmission of management address information on this interface. 
port-description Enables transmission of port description information on this interface. 
system-capabilities Enables transmission of this device’s system capabilities on this interface. 
system-description Enables transmission of this device’s system description on this interface. 
system-name Enables transmission of this device’s system name on this interface. 
and-receive Configures this interface to both transmit and receive LLDP packets. 


Default Values 





By default, all interfaces are configured to transmit and receive LLDP packets of all types. 


Command History 


Release 9.1 Command was introduced. 


Functional Notes 





Individual LLDP information can be enabled or disabled using the various forms of the Ildp send 
command. For example, use the Ildp send-and-receive command to enable transmit and receive of all 
LLDP information. Then use the no Ildp send port-description command to prevent LLDP from 
transmitting port description information. 
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Usage Examples 





The following example configures the Frame Relay subinterface to transmit LLDP packets containing all 
enabled information types: 


(config)#interface frame-relay 1.16 

(config-fr 1.16)#Ildp send 

The following example configures the Frame Relay subinterface to transmit and receive LLDP packets 
containing all information types: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#lldp send-and-receive 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1600 


Command Reference Guide Frame Relay Subinterface Config Command Set 





media-gateway ip 


Use the media-gateway ip command to associate an IP address source to use for Realtime Transport 
Protocol (RTP) traffic. When configuring Voice over Internet Protocol (VoIP), RTP traffic needs an IP 
address to be associated with it. However, some interfaces allow dynamic configuration of IP addresses, 
and thus this value could change periodically. Use the no form of these commands to disable these 
functions. Variations of this command include: 


media-gateway ip loopback <ip address> 
media-gateway ip primary 
media-gateway ip secondary </p address> 


Syntax Description 


loopback <ip address> Use an IP address statically defined to a loopback interface. Helpful when 
using a single IP address across multiple WAN interfaces for RTP traffic. IP 
addresses should be expressed in dotted decimal notation (for example, 


10.10.10.1). 

primary Use the IP address that is configured as primary on this interface. Applies to 
static, Dynamic Host Configuration Protocol (DHCP), or negotiated 
addresses. 

secondary <ip address> Use the statically defined secondary IP address of this interface to be used 


for RTP traffic. IP addresses should be expressed in dotted decimal 
notation (for example, 10.10.10.1). 


Default Values 


By default, media-gateway ip is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 


The following example configures the unit to use the primary IP address for RTP traffic: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#media-gateway ip primary 
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mtu <size> 


Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use 
the no form of this command to return to the default value. 


Syntax Description 


<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 


Open shortest path first (OSPF) will not become adjacent on links where the MTU sizes do not match. If 
router A and router B are exchanging hello packets but their MTU sizes do not match, they will never reach 
adjacency. This is by design and required by the RFC. 


Usage Examples 





The following example specifies an MTU of 1200 on the Frame Relay interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#mtu 1200 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VQM is enabled on all WAN and LAN interfaces. 





Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on the Frame Relay interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#rtp quality-monitoring 
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spanning-tree bpdufilter 


Use the spanning-tree bpdufilter command to block bridge protocol data units (BPDUs) from being 
transmitted and received on this interface. To return to the default value, use the no form of this command. 
Variations of this command include: 


spanning-tree bpdufilter disable 
spanning-tree bpdufilter enable 


Syntax Description 


disable Disables the BPDU filter. 
enable Enables the BPDU filter. 





Default Values 





By default, this command is set to disable. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The purpose of this command is to remove a port from participation in the spanning tree. This might be 
beneficial while debugging a network setup. It normally should not be used in a live network. 


Usage Examples 





The following example enables the BPDU filter on the interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#spanning-tree bpdufilter enable 
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spanning-tree bpduguard 


Use the spanning-tree bpduguard command to block bridge protocol data units (BPDUs) from being 
received on this interface. To return to the default value, use the no form of this command. Variations of 
this command include: 


spanning-tree bpduguard disable 
spanning-tree bpduguard enable 


Syntax Description 


disable Disables the BPDU block. 
enable Enables the BPDU block. 





Default Values 





By default, this command is set to disable. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example enables the BPDU guard on the interface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#spanning-tree bpduguard enable 
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spanning-tree edgeport 
Use the spanning-tree edgeport command to set this interface to be an edgeport. This command overrides 


the global setting (refer to spanning-tree edgeport default on page 932). Use the no form of this command 
to return to the default value. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is set to disable. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example configures the interface to be an edgeport: 

(config)#interface frame-relay 1.16 

(config-fr 1.16)#spanning-tree edgeport 

An individual interface can be configured to not be considered an edgeport. For example: 
(config)#interface frame-relay 1.16 

(config-fr 1.16)#spanning-tree edgeport disable 

or 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#no spanning-tree edgeport 
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spanning-tree link-type 


Use the spanning-tree link-type command to configure the spanning-tree protocol link type for an 
interface. To return to the default value, use the no form of this command. Variations of this command 
include: 


spanning-tree link-type auto 
spanning-tree link-type point-to-point 
spanning-tree link-type shared 


Syntax Description 





auto Determines link type by the port’s duplex settings. 
point-to-point Manually sets link type to point-to-point, regardless of duplex settings. 
shared Manually sets link type to shared, regardless of duplex settings. 


Default Values 





By default, a port is set to auto. 


Command History 


Release 5.1 Command was introduced. 


Functional Notes 





This command overrides the default link-type setting determined by the duplex of the individual port. By 
default, a port configured for half-duplex is set to shared link type, and a port configured for full-duplex is 
set to point-to-point link type. Setting the link type manually overrides the default and forces the port to 
use the specified link type. Using the link-type auto command, restores the convention of determining link 
type based on duplex settings. 


Usage Examples 





The following example forces the link type to point-to-point, even if the port is configured to be half-duplex: 


(config)#bridge 1 protocol ieee 
(config)#interface frame-relay 1.16 
(config-fr 1.16)#spanning-tree link-type point-to-point 


Technology Review 





Rapid transitions are possible in rapid spanning-tree protocol (RSTP) by taking advantage of point-to-point 
links (a port is connected to exactly one other bridge) and edge-port connections (a port is not connected 
to any additional bridges). Setting the link type to auto allows the spanning tree to automatically configure 
the link type based on the duplex of the link. Setting the link type to point-to-point allows a half-duplex link 
to act as if it were a point-to-point link. 
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spanning-tree path-cost <va/ue> 


Use the spanning-tree path-cost command to assign a cost to a bridge group that is used when computing 
the spanning-tree root path. To return to the default path-cost value, use the no form of this command. 


Syntax Description 


<value> Assigns a path-cost value for spanning calculations to the bridge interface. 
Valid range is 0 to 65,535. 


Default Values 





By default, the path-cost value is set at 19. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The specified value is inversely proportional to the likelihood the bridge interface will be chosen as the root 
path. Set the path-cost value lower to increase the chance the interface will be the root. To obtain the most 
accurate spanning-tree calculations, develop a system for determining path costs for links and apply it to 
all bridged interfaces. 


Usage Examples 





The following example assigns a path cost of 100 on a Frame Relay subinterface: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#spanning-tree path-cost 100 


Technology Review 





Spanning-tree protocol provides a way to prevent loopback or parallel paths in bridged networks. Using the 
priority values and path costs assigned to each bridging interface, the spanning-tree protocol determines 
the root path and identifies whether to block or allow other paths. 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1608 


Command Reference Guide Frame Relay Subinterface Config Command Set 





spanning-tree port-priority <va/ue> 


Use the spanning-tree port-priority command to select the priority level of a port associated with a 
bridge. To return to the default bridge-group priority value, use the no version of this command. 


Syntax Description 


<value> Priority value for the bridge group; the lower the value, the higher the 
priority. Valid range is 0 to 255. 


Default Values 





By default, the bridge-group priority value is set at 28. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The only time that this priority level is used is when two interfaces with a path to the root have equal cost. 
At that point, the level set in this command will determine which port the bridge will use. Set the priority 
value lower to increase the chance the interface will be used. 


Usage Examples 





The following example sets the maximum priority on the Frame Relay subinterface labeled 1.16: 


(config)#interface frame-relay 1.16 
(config-fr 1.16)#spanning-tree port-priority 0 
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HDLC INTERFACE CONFIGURATION COMMAND SET 


To create a virtual high-level data link control (HDLC) interface and/or activate the HDLC Interface 
Configuration mode, enter the interface hdle command at the Global Configuration mode prompt. For 
example: 


>enable 

#configure terminal 
(config)#interface hdlc 1 
(config-hdlc 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1612 

dlias link “<text>” on page 1613 

bandwidth <value> on page 1614 

bridge-group <value> on page 1615 
bridge-group <number> vlan-transparent on page 1616 
crypto map <name> on page 1617 

dial-backup commands begin on page 1619 
dynamic-dns on page 1636 

fair-queue on page 1638 

hold-queue <value> out on page 1639 

ip commands begin on page 1640 

keepalive <value> on page 1671 

lldp receive on page 1672 

lidp send on page 1673 
max-reserved-bandwidth <value> on page 1675 
media-gateway ip on page 1676 

mtu <size> on page 1677 
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gos-policy on page 1678 
rtp quality-monitoring on page 1680 
snmp trap link-status on page 1681 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case-sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





To assign an access policy to an interface, enter the interface configuration mode for the desired interface 
and enter access-policy <policy name>. 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
the HDLC interface 1: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with the HDLC interface 1: 


(config)#interface hdlc 1 
(config-hdic 1)#access-policy Private 
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alias link “<text>” 


Each configured HDLC interface (when referenced using SNMP) contains a link (physical port) and a 
bundle (group of links). RFC 1471 (for Link Connection Protocol) provides an interface table to manage 
lists of bundles and associated links. The alias link command provides the management station an 
identifying description for each link (HDLC physical). 


Syntax Description 





“<text>” Describes the interface (for SNMP) using an alphanumeric character string 
enclosed in quotation marks. 


Default Values 





By default, the HDLC identification string appears as empty quotes. (“ “) 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 


The alias link string should be used to uniquely identify an HDLC link. Enter a string that clearly identifies 
the link. 


Usage Examples 





The following example defines a unique character string for the virtual HDLC interface (1): 


(config)#interface hdlc 1 
(config-hdlc 1)#alias link “HDLC_link_1” 


Technology Review 





Please refer to RFC1990 for a more detailed discussion on HDLC links and bundles. 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 
<value> Specifies the bandwidth in kbps. Range is 1 to 4,294,967,295 kbps. 


Default Values 





To view default values use the show interfaces command. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher-level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of the HDLC interface to 10 Mbps: 


(config)#interface hdlc 1 
(config-hdic 1)#bandwidth 10000 
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bridge-group <va/lue> 


Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of 
this command to remove the interface from the bridge group. 


Syntax Description 


<value> Specifies the bridge group (by number) to which to assign this interface. 
Range is 1 to 255. 


Default Values 





By default, there are no configured bridge groups. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





A bridged network can provide excellent traffic management to reduce collisions and limit the amount of 
bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can 
be bridged (Ethernet to T1 bridge, Ethernet to Frame Relay subinterface, etc.). 


Usage Examples 





The following example assigns the HDLC interface labeled 1 to bridge group 1: 


(config)#interface hdlc 1 
(config-hdic 1)#bridge-group 1 
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bridge-group <number> vian-transparent 


Use the bridge-group vlan-transparent command to prevent an interface from removing the VLAN tag. 
Use the no form of this command to allow the interface to remove the VLAN tag from the packet. 





Wor The bridge-group vlan-transparent command is not a global command. The command 


must be applied on all interfaces of the bridge group. 





Syntax Description 





<number> Specifies the bridge group number. Valid range is 1 to 255. 


Default Values 


By default, VLAN tags are removed from the data. 


Command History 





Release 12.1 Command was introduced. 


Release 14.1 Command was expanded to include the HDLC interface and Frame Relay 
subinterface. 


Usage Examples 





The following example removes the VLAN tags from the packets on the HDLC 1 interface: 


(config)#interface hdlc 1 
(config-hdic 1)#bridge-group 1 vlan-transparent 
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crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps which 
share the same name but have different map index numbers. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Enter the crypto map name that you wish to assign to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep 
the following notes in mind. 


When defining the policy-class and associated access-control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the un-encrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access-group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted) it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only un-encrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy-class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local-side, 
un-encrypted source of the data. The destination information will be the far-end, un-encrypted destination 
of the data. However, ACLs for a policy-class work in reverse. The source information for the ACL ina 
policy-class is the far-end. The destination information is the local-side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to the HDLC 1 interface: 


(config)#interface hdlc 1 
(config-hdic 1)#crypto map MyMap 
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dial-backup auto-backup 


Use the dial-backup auto-backup command to configure the interface to automatically attempt a 
dial-backup upon failure. Use the no form of this command to disable this feature. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
dial-backup call-mode on page 1622. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically attempt dial-backup upon a failure. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example enables automatic dial-backup on the endpoint: 


(config)#interface hdlc 1 
(config-hdlc 1)#dial-backup auto-backup 
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dial-backup auto-restore 


Use the dial-backup auto-restore command to configure the interface to automatically discontinue 
dial-backup when all network conditions are operational. Use the no form of this command to disable the 
auto-restore feature. For more detailed information on dial-backup functionality, refer to the Functional 
Notes and Technology Review sections of dial-backup call-mode on page 1622. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically restore the primary connection when the failure 
condition clears. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to automatically restore the primary connection when the failure 
condition clears: 


(config)#interface hdlc 1 
(config-hdlc 1)#dial-backup auto-restore 
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dial-backup backup-delay <value> 


Use the dial-backup backup-delay command to configure the amount of time the router will wait after the 
failure condition is recognized before attempting to backup the link. Use the no form of this command to 
return to the default value. For more detailed information on dial-backup functionality, refer to the 
Functional Notes and Technology Review sections of dial-backup call-mode on page 1622. 


Syntax Description 





<value> Specifies the delay period (in seconds) a failure must be active before AOS 
will enter backup operation on the interface. Range is 10 to 
86,400 seconds. 


Default Values 





By default, the dial-backup backup-delay period is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to wait 60 seconds (on an endpoint with an active alarm condition) 
before attempting dial-backup operation: 


(config)#interface hdlc 1 
(config-hdic 1)#dial-backup backup-delay 60 
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dial-backup call-mode 


Use the dial-backup call-mode command to specify whether the configured backup interface answers or 
originates (or a combination of both ) backup calls. Use the no form of this command to return to the 
default value. Variations of this command include: 


dial-backup call-mode answer 

dial-backup call-mode answer-always 
dial-backup call-mode originate 

dial-backup call-mode originate-answer 
dial-backup call-mode originate-answer-always 


Syntax Description 





answer Answers and backs up primary link on failure. 
answer-always Answers and backs up regardless of primary link state. 
originate Originates backup call on primary link failure. 
originate-answer Originates or answers call on primary link failure. 


originate-answer-always Originates on failure; answers and backs up always. 


Default Values 





By default, the dial-backup call-mode is set to originate-answer. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Functional Notes 





The majority of the configuration for AOS dial-backup implementation is configured via the dial-backup 
PPP interface configuration commands. However, the numbers dialed are configured in the primary 
interface. Full sample configurations follow: 


Sample configuration for remote router (dialing out) 


hostname “Remote3200” 

enable password adtran 

| 

interface eth 0/1 
ip address 192.168.1.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 


interface t1 1/1 
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coding b8zs 
framing esf 
clock source line 
tdm-group 1 timeslots 1-24 
no shutdown 
| 
interface fr 1 point-to-point 
frame-relay Imi-type ansi 
no shutdown 
cross-connect 1 t1 1/1 1 fr 1 
| 
interface fr 1.16 point-to-point 
frame-relay interface-dici 16 
ip address 10.1.1.2 255.255.255.252 
dial-backup call-mode originate 
dial-backup number 5551111 analog ppp1 
dial-backup number 5552222 analog ppp1 
no shutdown 
| 


interface ppp 1 
ip address 172.22.56.1 255.255.255.252 
ppp authentication chap 
username remoterouter password remotepass 
ppp chap hostname localrouter 
ppp chap password adtran 
no shutdown 
| 
ip route 192.168.2.0 255.255.255.0 172.22.56.2 255.255.255.252 
| 
line telnet 0 4 
password password 


Sample configuration for central router (dialing in) 


hostname “Central3200” 

enable password adtran 

| 

interface eth 0/1 
ip address 192.168.100.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 


interface t1 1/1 
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coding b8zs 
framing esf 
clock source line 
tdm-group 1 timeslots 1-24 
no shutdown 
| 
interface fr 1 point-to-point 
frame-relay Imi-type ansi 
no shutdown 
cross-connect 1 t1 1/1 1 fr 1 
| 
interface fr 1.100 point-to-point 
frame-relay interface-dici 100 
ip address 10.1.1.1 255.255.255.252 
dial-backup call-mode answer 
dial-backup number 555-8888 analog ppp 1 
| 
interface ppp 1 
ip address 172.22.56.2 255.255.255.252 
ppp authentication chap 
username localrouter password adtran 
ppp chap hostname remoterouter 
ppp chap password remotepass 
no shutdown 
| 


ip route 192.168.1.0 255.255.255.0 172.22.56.1 255.255.255.252 


line telnet 0 4 
password password 


Usage Examples 





The following example configures AOS to generate backup calls for this endpoint using an analog modem 
interface (to phone number 555 1111) but never answer calls and specifies ppp 1 as the backup interface: 


(config)#interface hdlc 1 
(config-hdic 1)#backup call-mode originate 
(config-hdic 1)#backup number 555 1111 analog ppp 1 
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Technology Review 





This technology review provides information regarding specific dial-backup router behavior (i.e., when the 
router will perform dial-backup, where in the configuration AOS accesses specific routing information, etc.): 


Dialing Out 
1. AOS determines to place an outbound call when either the Layer 1 or Layer 2 has a failure. 


2. When placing outbound calls, AOS matches the number dialed to a PPP interface. This is accomplished 
with an addition to the dial-backup number command (refer to dial-backup number <number> on page 
1629). 


3. When placing the call, AOS uses the configuration of the related PPP interface for authentication and IP 
negotiation. 


4. If the call fails to connect on the first number dialed, AOS places a call to the second number (if a 
second number is configured). The second number to be dialed references a separate PPP interface. 


Dialing In 
1. AOS receives an inbound call on a physical interface. 
2. Caller ID is used to match the dial-backup number command to the configured PPP interface. 


3. If a match is found, the call connects and AOS pulls down the primary connection if it is not already ina 
down state. 


4. If no match is found from caller ID, the call is terminated. 
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dial-backup connect-timeout <va/ue> 


Use the dial-backup connect-timeout command to specify the number of seconds to wait for a connection 
after a call is attempted before trying to call again or dialing a different number. It is recommended this 
number be greater than 60. Use the no form of this command to return to the default setting. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of the command dial-backup call-mode on page 1622. 


Syntax Description 





<value> Selects the amount of time (in seconds) that the router will wait for a 
connection before attempting another call. Valid range is 10 to 300 seconds. 


Default Values 





By default, the dial-backup connect-timeout period is set to 60 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to wait 120 seconds before retrying a failed dial-backup call: 


(config)#interface hdlc 1 
(config-hdic 1)#dial-backup connect-timeout 120 
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dial-backup force 


Use the dial-backup force command to manually override the automatic dial-backup feature. This can be 
used to force a link into backup to allow maintenance to be performed on the primary link without 
disrupting data. Use the no form of this command to return to the normal dial-backup operation state. For 
more detailed information on dial-backup functionality, refer to the Functional Notes and Technology 
Review sections of the command dial-backup call-mode on page 1622. Variations of this command 
include: 


dial-backup force backup 
dial-backup force primary 


Syntax Description 





backup Forces backup regardless of primary link state. 
primary Forces primary link regardless of its state. 


Default Values 


By default, this feature is disabled. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to force this interface into dial-backup: 


(config)#interface hdlc 1 
(config-hdic 1)#dial-backup force backup 
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dial-backup maximum-retry <value> 


Use the dial-backup maximum-retry command to select the number of calls the router will make when 
attempting to backup a link. Use the no form of this command to return to the default state. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of the command dial-backup call-mode on page 1622. 


Syntax Description 





<value> Selects the number of call retry attempts that will be made after a link 
failure. Valid range is 0 to 15 attempts. 


Setting this value to 0 will allow unlimited retries during the time the network 
is failed. 


Default Values 





By default, dial-backup maximum-retry is set to 0 attempts. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to retry a dial-backup call four times before considering backup 
operation not available: 


(config)#interface hdlc 1 
(config-hdic 1)#dial-backup maximum-retry 4 
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dial-backup number <number> 


Use the dial-backup number command to configure the phone number and the call type the router will 
dial upon network failure. Multiple entries can be made for an interface to allow alternate sites to be dialed. 
Use the no form of this command to remove a configured dial-backup number. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1622. Variations of this command include: 


dial-backup number <number> analog ppp <interface> 
dial-backup number <number> cellular ppp <interface> 
dial-backup number <number> digital-56k <isdn min chan> <isdn max chan> ppp <interface> 
dial-backup number <number> digital 64k <isdn min chan> <isdn max chan> ppp <interface> 


Syntax Description 





<number> Specifies the phone numbers to call when the backup is initiated. 

analog Indicates the number connects to an analog modem. 

cellular Indicates the number connects to a cellular modem. 

digital-56k Indicates the number belongs to a digital 56 kbps per DSO connection. 
digital-64k Indicates the number belongs to a digital 64 kbps per DSO connection. 
<isdn min chan> Specifies the minimum number of DSOs required for a digital 56 or 64 kbps 


connection. Range is 1 to 24 DSOs. 


<isdn max chan> Specifies the maximum number of DSOs desired for a digital 56 or 64 kbps 
connection. Range is 1 to 24 DSOs. 


ppp <interface> Specifies the PPP interface to use as the backup for this interface. For 
example, ppp 1. 


Default Values 





By default, there are no configured dial-backup numbers. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 
Release 17.2 Command was expanded to include cellular connections. 


Usage Examples 





The following example configures AOS to dial 704-555-1212 (digital 64 kbps connection) to initiate 
dial-backup operation for this endpoint using the configured ppp 1 backup interface: 


(config)#interface hdlc 1 
(config-hdlc 1)#dial-backup number 7045551212 digital-64k 1 1 ppp 1 
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dial-backup priority <va/ue> 


Use the dial-backup priority command to select the backup priority for this interface. This allows the user 
to establish the highest priority backup link and ensure that link will override backups attempted by lower 
priority links. Use the no form of this command to return to the default value. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1622. 


Syntax Description 





<value> Sets the relative priority of this link. Valid range is 0 to 100. A value of 100 
designates the highest priority. 


Default Values 





By default, dial-backup priority is set to 50. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example assigns the highest priority to this endpoint: 


(config)#interface hdlc 1 
(config-hdlc 1)#dial-backup priority 100 
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dial-backup randomize-timers 


Use the dial-backup randomize-timers command to randomize the call timers to minimize potential 
contention for resources. Use the no form of this command to return to the default value. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1622. 


Syntax Description 





No subcommanas. 


Default Values 





By default, AOS does not randomize the dial-backup call timers. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to randomize the dial-backup timers associated with this endpoint: 


(config)#interface hdlc 1 
(config-hdic 1)#dial-backup randomize-timers 
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dial-backup redial-delay <value> 


Use the dial-backup redial-delay command to configure the delay after an unsuccessful call until the call 
will be re-tried. Use the no form of this command to return to the default setting. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1622. 


Syntax Description 





<value> Specifies the delay in seconds between attempting to re-dial a failed backup 
attempt. Range is 10 to 3600 seconds. 


Default Values 





By default, dial-backup redial-delay is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures a redial delay of 25 seconds on this endpoint: 


(config)#interface hdlc 1 
(config-hdic 1)#dial-backup redial-delay 25 
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dial-backup restore-delay <va/ue> 


Use the dial-backup restore-delay command to configure the amount of time the router will wait after the 
network is restored before disconnecting the backup link and reverting to the primary. This setting is used 
to prevent disconnecting the backup link if the primary link is “bouncing” in and out of alarm. Use the no 
form of this command to return to the default setting. For more detailed information on dial-backup 
functionality, refer to the Functional Notes and Technology Review sections of the command dial-backup 
call-mode on page 1622. 


Syntax Description 





<value> Specifies the number of seconds AOS will wait (after a primary link is 
restored) before disconnecting dial-backup operation. Range is 10 to 
86,400 seconds. 


Default Values 





By default, dial-backup restore-delay is set to 10 seconds. 


Command History 


Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to wait 30 seconds before disconnecting dial-backup operation and 
restoring the primary connection for this endpoint: 


(config)#interface hdlc 1 
(config-hdic 1)#dial-backup restore-delay 30 
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dial-backup schedule 


Use the dial-backup schedule command to set the time of day that backup will be enabled. Use this 
command if backup is desired only during normal business hours and on specific days of the week. Use the 
no form of this command to disable dial-backup (as specified). For more detailed information on 
dial-backup functionality, refer to the Functional Notes and Technology Review sections of the command 
dial-backup call-mode on page 1622. Variations of this command include: 


dial-backup schedule day <name> 
dial-backup schedule enable-time <value> 
dial-backup schedule disable-time <va/ue> 


Syntax Description 


day <name> Sets the days to allow backup. Valid range is Monday through Sunday. 

enable-time <va/ue> Sets the time of day to enable backup. Time is entered in 24-hour format 
(00:00). 

disable-time <value> Sets the time of day to disable backup. Time is entered in 24-hour format 
(00:00). 


Default Values 





By default, dial-backup is enabled for all days and times if the dial-backup auto-backup command has 
been issued and the dial-backup schedule has not been entered. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example enables dial-backup Monday through Friday 8:00 am to 7:00 pm: 


(config)#interface hdlc 1 

(config-hdlc 1)#dial-backup schedule enable-time 08:00 
(config-hdic 1)#dial-backup schedule disable-time 19:00 
(config-hdic 1)#no dial-backup schedule day Saturday 
(config-hdic 1)#no dial-backup schedule day Sunday 
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dial-backup shutdown 


Use the dial-backup shutdown command to deactivate all dial-backup functionality in the unit. 
Dial-backup configuration parameters are kept intact, but the unit will not initiate (or respond) to 
dial-backup sequences in the event of a network outage. Use the no form of this command to reactivate the 
dial-backup interface. For more detailed information on dial-backup functionality, refer to the Functional 
Notes and Technology Review sections of the command dial-backup call-mode on page 1622. 


Syntax Description 





No subcommanads. 


Default Values 





By default, all AOS interfaces are disabled. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example deactivates the configured dial-backup interface: 


(config)#interface hdlc 1 
(config-hdlc 1)#dial-backup shutdown 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1635 


Command Reference Guide HDLC Interface Configuration Command Set 





dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the host name for the server that updates the Dynamic Domain 
Name Server (DNS). 
<minutes> Specifies the intervals in minutes to update the server with information 


(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case-sensitive). 


<password> Specifies a password using an alphanumerical string up to 30 characters in 
length (the password is case-sensitive). 


Refer to Functional Notes below for additional argument descriptions. 


Default Values 


No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNSSM service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
to manage IP address mappings (A records), domain aliases (CNAME records) and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services Inc., (DynDNS.org) allows you to 
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more 
easily accessed from various locations on the Internet. This service is provided for up to five host names. 
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dyndns-custom - DynDNS.org's Custom DNSS™ service provides a full DNS solution, giving you 
complete control over an entire domain name. A web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 


A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for the most common configuration and allows for easy creation of most common record 
types. The advanced interface is designed for system administrators with a solid DNS background, and 
provides layout and functionality similar to a BIND zone file allowing for the creation of nearly any record 


type. 


Custom DNSS™ can be used with both static and dynamic IPs and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSS service in that it 
allows a host name such as yourname.dyndns.org to point to your IP address. Unlike a Dynamic DNS 
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to 
propagate though the DNS system. This service is provided for up to five host names. 


If your IP address does not change often or at all but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
which also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the dynamic-dns to dyndns-custom with host name host, user name user, 
and password pass: 


(config)#interface hdlc 1 
(config-hdic 1)#dynamic-dns dyndns-custom host user pass 
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fair-queue 


Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of 
this command to disable WFQ and enable FIFO (first-in-first-out) queueing for an interface. WFQ is 
enabled by default for WAN interfaces. Variations of this command: 


fair-queue 
fair-queue <value> 


Syntax Description 





<value> Optional. Value that specifies the maximum number of packets that can be 
present in each conversation sub-queue. Packets received for a 
conversation after this limit is reached are discarded. Range is 16 to 
512 packets. 


Default Values 





By default, fair-queue is enabled with a threshold of 64 packets. 


Command History 


Release 9.1 Command was introduced. 


Usage Examples 





The following example enables WFQ on the interface with a threshold set at 100 packets: 


(config)#interface hdlc 1 
(config-hdlc 1)#fair-queue 100 
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hold-queue <va/ue> out 


Use the hold-queue command to change the overall size of an interface's WAN output queue. Use the no 
form of this command to return to the default settings. 


Syntax Description 


<value> The total number of packets the output queue can contain before packets 
are dropped. Range is 16 to 1000 packets. 


Default Values 





The default queue size for WFQ is 400. The default queue size for PPP FIFO and Frame Relay 
round-robin is 200. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example sets the overall output queue size to 700: 


(config)#interface hdlc 1 
(config-hdic 1)#hold-queue 700 
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ip access-group <name> 


Use the ip access-group command to create an access control list to be used for packets transmitted on or 
received from the specified interface. Use the no form of this command to disable this type of control. 
Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Assigned IP access control list name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 


The following example sets up the unit to only allow Telnet traffic (as defined in the user-configured 
TelnetOnly IP access control list) into the HDLC interface: 


config)#ip access-list extended TelnetOnly 
config-ext-nacl)#permit tcp any any eq telnet 
config-ext-nacl)#int hdlc 1 

config-hdlc 1)#ip access-group TelnetOnly in 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the no form of this 
command to remove a configured IP address. Variations of this command include: 


ip address <ip address> <subnet mask> 
ip address </p address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 

<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 





By default, there are no assigned IP addresses. 


Command History 





Release 9.1 Command was introduced 


Functional Notes 





Use secondary IP addresses to allow dual subnets on a single interface (when you need more IP 
addresses than the primary subnet can provide). When using secondary IP addresses, avoid routing loops 
by verifying that all devices on the network segment are configured with secondary IP addresses on the 
secondary subnet. 


Usage Examples 





The following example configures a secondary IP address of 192.22.72.101/30: 


(config)#hdlc 1 
(config-hdlc 1)#ip address 192.22.72.101 255.255.255.252 secondary 
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ip directed-broadcast 


Use the ip directed broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this command. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list name. 


default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an access control list 
with this command. In this case, only directed broadcasts that are permitted by the specified access 
control list will be forwarded, and all other directed broadcasts directed to this interface subnet will be 
dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC2644), with the intended goal of reducing the efficacy of certain types of 
denial-of-service attacks 
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Usage Examples 





The following example enables forwarding of directed broadcasts on the interface hdlc 1: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip directed-broadcast 
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ip flow 


Use the ip flow command to enable Integrated Traffic Monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of the command to disable traffic monitoring. Variations of this 
command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Defaults 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Example 





The following example enables traffic monitoring on an HDLC interface to monitor incoming traffic through 
an ACL called myacl: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip flow ingress myacl 
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ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





The ip helper command must be used in conjunction with the ip forward-protocol 
‘ore command to configure AOS to forward UDP broadcast packets. Refer to ip 
forward-protocol udp <value> on page 724 for more information. 





Syntax Description 





<ijp address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 9.1 Command was introduced 


Functional Notes 





When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign a helper-address(es) (Specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 


1. The packet IP protocol is User Datagram Protocol (UDP). 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 

4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248/30 subnet). 


Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


(config)#ip forward-protocol udp domain 
(config)#interface hdlc 1 
(config-hdlc 1)#ip helper-address 192.33.5.99 
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ip igmp 
Use the ip igmp command to configure multicasting-related functions for the interface. Variations of this 
command include: 


ip igmp immediate-leave 

ip igmp last-member-query-interval <milliseconds> 
ip igmp querier-timeout <seconds> 

ip igmp query-interval <seconds> 

ip igmp query-max-response-time <seconds> 

ip igmp static-group <address> 

ip igmp version [1 | 2] 


Syntax Description 


immediate-leave Specifies that if only one host (or IGMP snooping switch) is connected to 
the interface, when a leave is received, multicast of that group is 
immediately terminated as opposed to sending a group query and timing 
out the group if no device responds. Works in conjunction with ip igmp 
last-member-query-interval. Applies to all groups when configured. 
Use the no form of this command to disable the immediate-leave 
feature. 


last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group 

<milliseconds> receivers remain on an interface after a receiver leaves a group. If a 
receiver sends a leave-group message (IGMP Version 2), the router 
sends a group-specific query on that interface. After twice the time 
specified by this command plus as much as one second longer, if no 
receiver responds, the router removes that interface from the group and 
stops sending that group's multicast packets to the interface. Range is 
100 to 65,535 ms. Use the no form of this command to return to the 
default setting. 


querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current 
querier’s last query before it takes over as querier (IGMP V2). Range is 
60 to 300 seconds. Use the no form of this command to return to the 
default setting. 


query-interval Specifies the interval (in seconds) at which IGMP queries are sent on an 

<seconds> interface. Host query messages are addressed to the all-hosts multicast 
group with an IP TTL of 1. The router uses queries to detect whether 
multicast group members are on the interface and to select an IGMP 
designated router for the attached segment (if more than one multicast 
router exists). Only the designated router for the segment sends queries. 
For IGMP V2, the designated router is the router with the lowest IP 
address on the segment. Range is 0 to 65,535 seconds. Use the no 
form of this command to return to the default setting. 


query-max-response-time Specifies the maximum response time (in seconds) advertised by this 

<seconds> interface in queries when using IGMP V2. Hosts are allowed a random 
time within this period to respond, reducing response bursts. Use the no 
form of this command to return to the default setting. 
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Syntax Description 


static-group <address> Configures the router's interface to be a statically-connected member of 
the specified group. Packets received on the correct RPF interface are 
forwarded to this interface regardless of whether any receivers have 
joined the specified group using IGMP. Use the no form of this command 
to remove a configured static group. 


version [1 | 2] Sets the interface’s IGMP version. Use the no form of this command to 
return to the default setting. 





Default Values 





ip igmp immediate-leave No default 

ip igmp last-member-query-interval 1000 milliseconds 

ip igmp querier-timeout 2x the query-interval value 
ip igmp query-interval 60 seconds 

ip igmp query-max-response-time 10 seconds 

ip igmp static-group No default 

ip igmp version Version 1 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example sets the query message interval on the interface to 200 milliseconds: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip igmp last-member-query-interval 200 
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ip mcast-stub downstream 


Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on 
an interface and place it in multicast stub downstream mode. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments 
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces 
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces 
configured as downstream should have the lowest IP address of all IGMP-capable routers on the 
connected segment in order to be selected as the designated router and ensure proper forwarding. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub upstream on page 16517 for 
more information. 


Usage Examples 





The following example enables multicast forwarding and IGMP on the HDLC interface: 


(config)#interface hdlc 1 
(config-hdic 1)#ip mcast-stub downstream 
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ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the ip igmp static-group <address> command (on page 1646) to receive multicast traffic without 
host-initiated Internet Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all 
host-initiated IGMP transactions will enter multicast routes on the router’s interface involved with IGMP 
activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#interface hdlc 1 
(config-hdic 1)#ip mcast-stub fixed 
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ip mcast-stub helper-enable 


Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the IGMP 
proxy. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 
Release 10.1 Command was expanded to include HDLC interfaces. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled, 
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and 
the interface becomes the active upstream interface, enabling the unit to perform as an IGMP proxy. Refer 
to jp mcast-stub helper-address <ip address> on page 741, ip mcast-stub downstream on page 1648, and 
jp mcast-stub upstream on page 1651 for more information. 


Usage Examples 





The following example sets the helper address as the IGMP proxy: 


(config)#interface hdlc 1 
(config-hdic 1)#ip mcast-stub helper-enable 
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ip mcast-stub upstream 


Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in 
multicast stub upstream mode. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a 
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the 
router's unicast route table, the IGMP host function is dynamically enabled and the interface becomes the 
active upstream interface, enabling the router to perform as an IGMP proxy. Though multiple interfaces 
may be candidates, no more than one interface will actively serve as the helper forwarding interface. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub downstream on page 1648 
for more information. 


Usage Examples 





The following example enables multicast forwarding on the HDLC interface: 


(config)#interface hdlc 1 
(config-hdic 1)#ip mcast-stub upstream 
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ip ospf 


Use the ip ospf command to customize OSPF settings (if needed). Use the no form of these commands to 
return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


dead-interval <seconds> 
hello-interval <seconds> 


retransmit-interval <seconds> 
transmit-delay <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 


Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 
1 to 65,535. 


Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 

32,767 seconds. 


Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 32,767 seconds. 


Configures OSPF Message Digest 5 (MD5) authentication 
(16-byte max) keys. 
Sets the OSPF priority. The value set in this field helps 


determine the designated router for this network. Range is 
0 to 255. 


Specifies the interval (in seconds) between link-state 
advertisements (LSAs). Range is 0 to 32,767 seconds. 


Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 32,767 seconds. 


40 seconds 


10 seconds: Ethernet, point-to-point, Frame Relay, Tunnel, and 
PPP 


5 seconds 
1 second 
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Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of seconds allowed between hello packets to 25,000: 


(config)#interface hdlc 1 
(config-hdic 1)#ip ospf dead-interval 25000 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing OSPF 
authentication. Use the no form of this command to return to the default setting. Variations of this 
command include: 


ip ospf authentication 
ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Select message-digest authentication type. 
null Optional. Specifies that no authentication be used. 


Default Values 





By default, this is set to null (meaning no authentication is used). 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example specifies that no authentication will be used on the HDLC interface: 


(config)#interface hdlc 1 
(config-hdic 1)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Set the network type for broadcast. 
point-to-point Set the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. All other interfaces default to point-to-point. 


Command History 


Release 9.1 Command was introduced. 


Functional Notes 





A point-to-point network will not elect designated routers. 


Usage Examples 


The following example designates a broadcast network type: 


(config)#interface hdlc 1 
(config-hdic 1)#ip ospf network broadcast 
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ip pim sparse-mode 


Use the ip pim sparse-mode command to enable protocol-independent multicast (PIM) sparse mode for 
this interface. Use the no form of this command to disable PIM sparse mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, PIM sparse mode for this interface is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table. It builds 
unidirectional shared trees rooted at a Rendezvous Point (RP) for a multicast group or a shortest-path tree 
rooted at a specific source for a multicast group. 


Usage Examples 





The following example enables PIM sparse mode on the HDLC 1 interface: 


(config)#interface hdlc 1 
(config-hdic 1)#ip pim sparse-mode 
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ip pim-sparse dr-priority <va/ue> 
Use the ip pim-sparse dr-priority command to specify the priority for the designated router (DR). This 


command modifies the routers priority in the DR election process. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Specifies the priority of this interface (to be used when determining the DR). 
Valid range is 1 to 4,294,967,295. 


Default Values 





By default, the priority of all PIM interfaces is 1. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Interfaces advertise their configured priority values in the hello messages transmitted on the interface. 
Routers use the priority values to determine the appropriate DR. The router on the network segment with 
the highest priority is selected as the DR. If a hello message is received on the interface from a router on 
the network segment and it does not contain a priority, the entire network segment defaults to DR selection 
based on IP addresses instead of priority. In this instance, the DR is selected as the router on the network 
segment that has the highest IP address. AOS will always include a priority in all transmitted hello 
messages. If no priority is specifically designated by the user, the priority is set as the default of 1. 


Usage Examples 





The following example specifies a priority of 100 on the HDLC 1 interface: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip pim-sparse dr-priority 5 
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ip pim-sparse hello-timer <va/ue> 
Use the ip pim-sparse hello-timer command to specify protocol-independent multicast (PIM) sparse hello 


timer period. This is the time interval at which periodic hellos are sent out on all interfaces of a 
PIM-capable router. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the interval (in seconds) at which periodic hellos are sent out of 
the interface. Valid range is 10 to 3600 seconds. 


Default Values 





By default, the hellos are transmitted on PIM interfaces every 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Hello messages are used to inform neighbors of a router’s presence. Hello messages normally generate a 
small amount of traffic on an interface. Setting the hello-timer to a small interval increases the number of 
hellos sent (thus increasing the amount of traffic). Set the hello-timer to a reasonable value, taking into 
consideration the bandwidth available on the interface. 


Usage Examples 





The following example specifies hellos be sent on the HDLC 1 interface every 3600 seconds: 


(config)#interface hdlc 1 
(config-hdic 1)#ip pim-sparse hello-timer 3600 
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ip pim-sparse nbr-timeout <va/ue> 
Use the ip pim-sparse nbr-timeout command to specify protocol-independent multicast (PIM) sparse 


neighbor timeout. This is the time interval after which a PIM-capable router will consider a neighbor not 
present. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the time interval in seconds after which a neighbor is considered 
not present. Valid range is 30 to 10,800 seconds. 


Default Values 





By default, the nbr-timeout is set to 105 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the nbr-timeout to 300 seconds: 


(config)#interface hdlc 1 
(config-hdic 1)#ip pim-sparse nbr-timeout 300 
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ip pim-sparse override-interval <va/ue> 
Use the ip pim-sparse override-interval command to specify the protocol-independent multicast (PIM) 


sparse join/prune override interval. This delay interval is the period after a join/prune that another router on 
the LAN may override a join/prune. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the delay time in milliseconds. Valid range is 0 to 
65,535 milliseconds. 


Default Values 





By default, the override interval is set to 2500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the override interval to 3000 milliseconds: 


(config)#interface hdlc 1 
(config-hdic 1)#ip pim-sparse override-interval 3000 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1660 


Command Reference Guide HDLC Interface Configuration Command Set 





ip pim-sparse propagation-delay <va/ue> 
Use the ip pim-sparse propagation-delay command to specify the expected propagation delay for 


join/prune messages. Set the propagation delay (in milliseconds) to estimate the amount of delay found in 
the local link. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the expected propagation delay in the local link in milliseconds. 
Valid range is 0 to 32,767 milliseconds. 


Default Values 





By default, the propagation delay is set to 500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the expected propagation delay to 300 milliseconds on the HDLC 1 interface: 


(config)#interface hdlc 1 
(config-hdic 1)#ip pim-sparse propagation-delay 300 
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ip policy route-map <name> 


Use the ip policy route-map command to assign a policy route-map to this interface. Use the no form of 
this command to remove the route-map policy. 


Syntax Description 


<name> Specifies the name of the policy route map to assign to this interface. 


Default Values 





By default, no policy route map is assigned to this interface. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example assigns the policy route map policy1 to the HDLC 1 interface: 


(config)#interface hdlc 1 
(config-hdic 1)#ip policy route-map policy1 
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ip proxy-arp 


Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use 
the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field 
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy ARP is enabled, AOS will respond to all proxy ARP requests with its specified MAC address and 
forward packets accordingly. 


Enabling proxy ARP on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following enables proxy ARP on the HDLC interface: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip proxy-arp 
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ip rip receive version 


Use the ip rip receive version command to configure the Routing Information Protocol (RIP) version the 
unit accepts in all RIP packets received on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Only accept received RIP version 1 packets on the interface. 
2 Only accept received RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Use the ip rip receive version command to specify a RIP version that overrides the version (in the 
Router RIP) configuration. Refer to version on page 2238 for more information. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the HDLC interface to accept only RIP version 2 packets: 


(config)#interface hdlc 1 
(config-hdlic 1)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the Routing Information Protocol (RIP) version the 
unit sends in all RIP packets transmitted on the interface. Use the no form of this command to restore the 
default value. Variations of this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Only transmits RIP version 1 packets on the interface. 
2 Only transmits RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Use the ip rip send version command to specify a RIP version that overrides the version (in the Router 
RIP) configuration. Refer to version on page 2238 for more information. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the HDLC interface to transmit only RIP version 2 packets: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip rip send version 2 
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ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface hdlc 1 
(config-hdic 1)#ip rip summary-address 10.10.123.0 255.255.255.0 
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ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


Wo Using Network Address Translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-caching is enabled on all interfaces. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Fast switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast switching on the HDLC interface: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip route-cache 
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ip unnumbered </nterface> 
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP 


processing on the active interface. Use the no form of this command to remove the unnumbered 
configuration. 


Syntax Description 





<interface> Specifies the interface that contains the IP address to use as the source 

address for all packets transmitted on this interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
aT1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; for a 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip unnumbered ? 
for a list of valid interfaces. 


Default Values 





By default, all interfaces are configured to use a specified IP address (using the ip address commana). 


Command History 





Release 9.1 Command was introduced. 
Release 11.1 Command was expanded to include demand interface. 


Functional Notes 





If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address 
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the Frame 
Relay subinterface Configuration mode configures the Frame Relay subinterface to use the IP address 
assigned to the Ethernet interface for all IP processing. In addition, AOS uses the specified interface 
information when sending route updates over the unnumbered interface. 


Usage Examples 





The following example configures the HDLC interface to use the IP address assigned to the Ethernet 
interface 0/1: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip unnumbered eth 0/1 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a URL filter to the interface for all inbound or outbound traffic. Use 
the no form of this command to remove the URL filter from an interface. Variations of this command 
include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <filtername> http command before applying it to the interface. 
Refer to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Example 





The following example performs URL filtering on all traffic entering through the HDLC interface and 
matches the URL filter named MyFilter: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip urlfilter MyFilter in 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VRF instance. Use the no form of 
the command to remove the interface from the named VRF instance and assign it to the unnamed default 
VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP related 
UT settings on that interface. 


Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF which is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF but multiple interfaces can be assigned to the same VRF. 


An interface will only forward |P-traffic that matches its associated VRF. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 


Usage Examples 


The following example assigns the hdlc 1 interface to the VRF instance named RED: 


(config)#interface hdlc 1 
(config-hdlc 1)#ip vrf forwarding RED 
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keepalive <value> 
Use the keepalive command to enable the transmission of keepalive packets on the interface and specify 


the time interval in seconds between transmitted packets. Use the no form of this command to return to the 
default setting. 


Syntax Description 





<value> Defines the time interval (in seconds) between transmitted keepalive 
packets. Valid range is 0 to 32,767 seconds. 


Default Values 





By default, the time interval between transmitted keepalive packets is 10 seconds. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





If three keepalive packets are sent to an interface with no response, the interface is considered down. To 
detect interface failures quickly, specify a smaller keepalive time. 


Usage Examples 





The following example specifies a keepalive time of 5 seconds on the HDLC interface: 


(config)#interface hdlc 1 
(config-hdic 1)#keepalive 5 
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lldp receive 


Use the Ildp receive command to allow LLDP packets to be received on this interface. Use the no form of 
this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces are configured to send and receive LLDP packets. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example configures the HDLC interface to receive LLDP packets: 


(config)#interface hdlc 1 
(config-hdlc 1)#lldp receive 
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lldp send 


Use the Ildp send command to configure this interface to transmit LLDP packets or to control the types of 
information contained in the LLDP packets transmitted by this interface. Use the no form of these 
commands to disable these features. Variations of this command include: 


lldp send 

lidp send management-address 
lldp send port-description 

lldp send system-capabilities 
lldp send system-description 
lldp send system-name 

lldp send-and-receive 


Syntax Description 





management-address Enables transmission of management address information on this interface. 
port-description Enables transmission of port description information on this interface. 
system-capabilities Enables transmission of this device’s system capabilities on this interface. 
system-description Enables transmission of this device’s system description on this interface. 
system-name Enables transmission of this device’s system name on this interface. 
and-receive Configures this interface to both transmit and receive LLDP packets. 


Default Values 





By default, all interfaces are configured to transmit and receive LLDP packets of all types. 


Command History 


Release 9.1 Command was introduced. 


Functional Notes 





Individual LLDP information can be enabled or disabled using the various forms of the Ildp send 
command. For example, use the Ildp send and-receive command to enable transmit and receive of all 
LLDP information. Then use the no Ildp send port-description command to prevent LLDP from 
transmitting port description information. 
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Usage Examples 





The following example configures the HDLC interface to transmit LLDP packets containing all enabled 
information types: 


(config)#interface hdlc 1 
(config-hdlic 1)#Ildp send 
The following example configures the HDLC to transmit and receive LLDP packets containing all 


information types: 


(config)#interface hdlc 1 
(config-hdlc 1)#Ildp send-and-receive 
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max-reserved-bandwidth <va/ue> 


Use the max-reserved-bandwidth command specify the percentage of interface bandwidth reserved for 
use in user-defined (priority or class-based) queues. The remainder of the interface bandwidth is reserved 
for system critical traffic and is not available to user-defined queues. Use the no form of this command to 
restore the default values. 





proper operation. Specifying the entire interface bandwidth for use in user-defined queues 
can cause undesirable operation. 


Reserving a portion of the interface bandwidth for system critical traffic is necessary for 
cmon 





Syntax Description 





<value> Specifies the maximum percentage of bandwidth to reserve for QoS. This 
setting is configured as a percentage of the total interface speed. Range is 
1 to 100 percent. 


Default Values 





By default, max-reserved-bandwidth is set to 75 percent, which reserves 25 percent of the interface 
bandwidth for system critical traffic. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies 85 percent of the bandwidth on the HDLC 1 be available for use in 
user-defined queues: 


(config)#interface hdlc 1 
(config-hdic 1)#max-reserved-bandwidth 85 
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media-gateway ip 


Use the media-gateway ip command to associate an IP address source to use for RTP traffic. When 
configuring VoIP, RTP traffic needs an IP address to be associated with it. However, some interfaces allow 
“dynamic” configuration of IP addresses, and thus, this value could change periodically. Use the no form 
of these commands to disable these functions. Variations of this command include: 


media-gateway ip loopback <ip address> 
media-gateway ip primary 
media-gateway ip secondary <ip address> 


Syntax Description 





loopback <ip address> Use an IP address statically defined to a loopback interface. Helpful when 
using a single IP address across multiple WAN interfaces for RTP traffic. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


primary Use the IP address that is configured as primary on this interface. Applies to 
static, DHCP, or negotiated addresses. 


secondary <ip address> Use the statically defined secondary IP address of this interface to be used 
for RTP traffic. IP addresses should be expressed in dotted decimal 
notation (for example, 10.10.10.1). 


Default Values 





By default, media-gateway ip is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example configures the unit to use the primary IP address for RTP traffic: 


(config)#interface hdlc 1 
(config-hdic 1)#media-gateway ip primary 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1676 


Command Reference Guide HDLC Interface Configuration Command Set 





mtu <size> 


Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use 
the no form of this command to return to the default value. 


Syntax Description 


<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 


OSPF will not become adjacent on links where the MTU sizes do not match. If router A and router B are 
exchanging hello packets but their MTU sizes do not match, they will never reach adjacency. This is by 
design and required by the RFC. 


Usage Examples 





The following example specifies an MTU of 1200 on the HDLC interface: 


(config)#interface hdlc 1 
(config-hdic 1)#mtu 1200 
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qos-policy 


Use the qos-policy command to apply a previously-configured Quality of Service (QoS) map to incoming 
or outgoing packets on an interface. Use the no form of this command to remove the map from the 
interface. Variations of this command include: 


qos-policy in <name> 
qos-policy out <name> 


Syntax Description 





<name> Specifies the name of a previously-created QoS map (refer to gos map 
<name> <number> on page 890 for more information). 

in Assigns a QoS map to this interface's input. 

out Assigns a QoS map to this interface's output. 


Default Values 





No default value is necessary for this command. 


Command History 


Release 9.1 Command was introduced. 
Release 15.1 Command was expanded to include in option. 


Functional Notes 


When a QoS policy is applied to an interface, it may be disabled if the interface bandwidth is not adequate 
to support the requested bandwidth on the map set. Once the bandwidth problem is resolved, the map will 
work again. The bandwidth will be rechecked on any of the following changes: 


1. A priority or class-based entry is added to, deleted from, or changed in a QoS map set. 
2. The interface bandwidth is changed by the bandwidth command on the interface. 

3. A QoS policy is applied to an interface. 

4. A cross-connect is created that includes an interface with a QoS policy. 

5. The interface queuing method is changed to fair-queue to use weighted fair queuing. 

6. The interface operational status changes. 

7. The interface bandwidth changes for other reasons (e.g., when ADSL finishes training). 


In order to prevent the map from being disabled in cases of temporary inadequate bandwidth (e.g., a single 
link goes down in a dual T1 multilink configuration where the map requests more than one T1's worth of 
bandwidth), the QoS map uses the maximum theoretical bandwidth on an interface, not the actual 
bandwidth at that time. This actually helps QoS keep higher priority class-based traffic working better than 
best-effort traffic when the bandwidth drops. 
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Usage Examples 





The following example applies the QoS map VOICEMAP to the HDLC interface: 


(config)#interface hdlc 1 
(config-hdic 1)#qos-policy out VOICEMAP 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VQM is enabled on all WAN and LAN interfaces. 





Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on the HDLC interface: 


(config)#interface hdlc 1 
(config-hdic 1)#rtp quality-monitoring 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example disables the link-status trap on the HDLC interface: 


(config)#interface hdlc 1 
(config-hdic 1)#no snmp trap link-status 
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LOOPBACK INTERFACE CONFIGURATION COMMAND SET 





To create a virtual loopback interface and/or activate the Loopback Interface Configuration mode, enter 
the interface loopback command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface loopback 1 
(config-loop 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1683 
bandwidth <value> on page 1684 
crypto map <name> on page 1685 
dynamic-dns on page 1687 

ip commands begin on page 1689 
mtu <size> on page 1721 

rtp quality-monitoring on page 1722 
snmp trap on page 1723 

snmp trap link-status on page 1724 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case-sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





To assign an access policy to an interface, enter the interface configuration mode for the desired interface 
and enter access-policy <policy name>. 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
the loopback interface 1: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with the loopback interface 1: 


(config)#interface loopback 1 
(config-loop 1)#access-policy Private 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 
<value> Specifies bandwidth in kbps. Range is 1 to 4,294,967,295 kbps. 


Default Values 





To view default values, use the show interfaces command. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher-level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of the loopback interface to 10 Mbps: 


(config)#interface loopback 1 
(config-loop 1)#bandwidth 10000 
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crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps which 
share the same name but have different map index numbers. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Specifies the crypto map name that you wish to assign to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep 
the following information in mind: 


When defining the policy class and associated access-control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted) it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local side, 
unencrypted source of the data. The destination information will be the far end, unencrypted destination of 
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy 
class is the far end. The destination information is the local-side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to the loopback interface: 


(config)#interface loopback 1 
(config-loop 1)#crypto map MyMap 
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dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the hostname for the server that updates the Dynamic Domain 
Name Server (DNS). 
<minutes> Specifies the intervals in minutes to update the server with information 


(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case-sensitive). 


<password> Specifies a password using an alphanumerical string up to 30 characters in 
length (the password is case-sensitive). 


Refer to Functional Notes below for additional argument descriptions. 


Default Values 


No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNSS™ service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
to manage IP address mappings (A records), domain aliases (CNAME records) and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services Inc., (DynDNS.org) allows you to 
alias a dynamic IP address to a static hostname in various domains. This allows your unit to be more easily 
accessed from various locations on the Internet. This service is provided for up to five hostnames. 


dyndns-custom - DynDNS.org's Custom DNSSM service provides a full DNS solution, giving you 
complete control over an entire domain name. A web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 
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A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for the most common configuration and allows for easy creation of most common record 
types. The advanced interface is designed for system administrators with a solid DNS background, and 
provides layout and functionality similar to a BIND zone file allowing for the creation of nearly any record 
type. 


Custom DNSSM can be used with both static and dynamic IPs and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSS service in that it 
allows a hostname such as yourname.dyndns.org to point to your IP address. Unlike a Dynamic DNS host, 
a Static DNS host does not expire after 35 days without updates, but updates take longer to propagate 
though the DNS system. This service is provided for up to five hostnames. 


If your IP address does not change often or at all but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
which also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the dynamic-dns to dyndns-custom with hostname host, username user, and 
password pass: 


(config)#interface loopback 1 
(config-loop 1)#dynamic-dns dyndns-custom host user pass 
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ip access-group <name> 


Use the ip access-group command to create an access control list to be used for packets transmitted on or 
received from the specified interface. Use the no form of this command to disable this type of control. 
Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Specifies IP access control list name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 
The following example sets up the router to allow only Telnet traffic into the loopback interface: 


config)#ip access-list extended TelnetOnly 
config-ext-nacl)#permit tcp any any eg telnet 
config-ext-nacl)#interface loopback 1 
config-loop 1)#ip access-group TelnetOnly in 


aN aN 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the optional 
secondary keyword to define a secondary IP address. Use the no form of this command to remove a 
configured IP address. Variations of this command include: 


ip address <i/p address> <subnet mask> 
ip address <ip address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 


By default, there are no assigned IP addresses. 


Command History 





Release 1.1 Command was introduced. 
Release 2.1 Added ip address dhcp for DHCP client support. 


Functional Notes 





Use secondary IP addresses to allow dual subnets on a single interface (when you need more IP 
addresses than the primary subnet can provide). When using secondary IP addresses, avoid routing loops 
by verifying that all devices on the network segment are configured with secondary IP addresses on the 
secondary subnet. 


Usage Examples 





The following example configures a secondary IP address of 192.22.72.101/30: 


(config)#interface loopback 1 
(config-loop 1)#ip address 192.22.72.101 255.255.255.252 secondary 
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ip directed-broadcast 


Use the ip directed broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this command. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list name. 


default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an access control list 
with this command. In this case, only directed broadcasts that are permitted by the specified access 
control list will be forwarded, and all other directed broadcasts directed to this interface subnet will be 
dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC2644), with the intended goal of reducing the efficacy of certain types of 
denial-of-service attacks 
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Usage Examples 





The following example enables forwarding of directed broadcasts on the interface loopback 1: 


(config)#interface loopback 1 
(config-loop 1)#ip directed-broadcast 
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ip flow 


Use the ip flow command to enable Integrated Traffic Monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of the command to disable traffic monitoring. Variations of this 
command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Defaults 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Example 





The following example enables traffic monitoring on a loopback interface to monitor incoming traffic 
through an ACL called myacl: 


(config)#interface loopback 1 
(config-loop 1)#ip flow ingress myacl 
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ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





The ip helper command must be used in conjunction with the ip forward-protocol 
‘ore command to configure AOS to forward UDP broadcast packets. Refer to ip 
forward-protocol udp <value> on page 724 for more information. 





Syntax Description 





<ijp address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign a helper-address(es) (Specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 
1. The packet IP protocol is User Datagram Protocol (UDP). 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 


4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248/30 subnet). 
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Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


(config)#ip forward-protocol udp domain 
(config)#interface loopback 1 
(config-loop 1)#ip helper-address 192.33.5.99 
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ip igmp 
Use the ip igmp command to configure multicasting-related functions for the interface. Variations of this 
command include: 


ip igmp immediate-leave 

ip igmp last-member-query-interval <milliseconds> 
ip igmp querier-timeout <seconds> 

ip igmp query-interval <seconds> 

ip igmp query-max-response-time <seconds> 

ip igmp static-group <address> 

ip igmp version [1 | 2] 


Syntax Description 


immediate-leave Specifies that if only one host (or IGMP snooping switch) is connected to 
the interface, when a leave is received, multicast of that group is 
immediately terminated as opposed to sending a group query and timing 
out the group if no device responds. Works in conjunction with ip igmp 
last-member-query-interval. Applies to all groups when configured. 
Use the no form of this command to disable the immediate-leave 
feature. 


last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group 

<milliseconds> receivers remain on an interface after a receiver leaves a group. If a 
receiver sends a leave-group message (IGMP Version 2), the router 
sends a group-specific query on that interface. After twice the time 
specified by this command plus as much as one second longer, if no 
receiver responds, the router removes that interface from the group and 
stops sending that group's multicast packets to the interface. Range is 
100 to 65,535 ms. Use the no form of this command to return to the 
default setting. 


querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current 
querier’s last query before it takes over as querier (IGMP V2). Range is 
60 to 300 seconds. Use the no form of this command to return to the 
default setting. 


query-interval Specifies the interval (in seconds) at which IGMP queries are sent on an 

<seconds> interface. Host query messages are addressed to the all-hosts multicast 
group with an IP TTL of 1. The router uses queries to detect whether 
multicast group members are on the interface and to select an IGMP 
designated router for the attached segment (if more than one multicast 
router exists). Only the designated router for the segment sends queries. 
For IGMP V2, the designated router is the router with the lowest IP 
address on the segment. Range is 0 to 65,535 seconds. Use the no 
form of this command to return to the default setting. 


query-max-response-time Specifies the maximum response time (in seconds) advertised by this 

<seconds> interface in queries when using IGMP V2. Hosts are allowed a random 
time within this period to respond, reducing response bursts. Use the no 
form of this command to return to the default setting. 
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Syntax Description 


static-group <address> Configures the router's interface to be a statically-connected member of 
the specified group. Packets received on the correct RPF interface are 
forwarded to this interface regardless of whether any receivers have 
joined the specified group using IGMP. Use the no form of this command 
to remove a configured static group. 


version [1 | 2] Sets the interface’s IGMP version. Use the no form of this command to 
return to the default setting. 





Default Values 





ip igmp immediate-leave No default 

ip igmp last-member-query-interval 1000 milliseconds 

ip igmp querier-timeout 2x the query-interval value 
ip igmp query-interval 60 seconds 

ip igmp query-max-response-time 10 seconds 

ip igmp static-group No default 

ip igmp version Version 1 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example sets the query message interval on the interface to 200 milliseconds: 


(config)#interface loopback 1 
(config-loop 1)#ip igmp last-member-query-interval 200 
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ip mcast-stub downstream 


Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on 
an interface and place it in multicast stub downstream mode. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments 
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces 
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces 
configured as downstream should have the lowest IP address of all IGMP-capable routers on the 
connected segment in order to be selected as the designated router and ensure proper forwarding. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub upstream on page 17071 for 
more information. 


Usage Examples 





The following example enables multicast forwarding and IGMP on the interface: 


(config)#interface loopback 1 
(config-loop 1)#ip mcast-stub downstream 
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ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the ip igmp static-group </p address> command to receive multicast traffic without host-initiated Internet 
Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all host-initiated IGMP 
transactions will enter multicast routes on the router’s interface involved with IGMP activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#interface loopback 1 
(config-loop 1)#ip mcast-stub fixed 
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ip mcast-stub helper-enable 


Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the IGMP 
proxy. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 8.1 Command was introduced. 
Release 10.1 Command was expanded to include loopback interfaces. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled, 
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and 
the interface becomes the active upstream interface, enabling the unit to perform as an IGMP proxy. Refer 
to jp mcast-stub helper-address <ip address> on page 741, ip mcast-stub downstream on page 1698, and 
jp mcast-stub upstream on page 1701 for more information. 


Usage Examples 





The following example sets the helper address as the IGMP proxy: 


(config)#interface loopback 1 
(config-loop 1)#ip mcast-stub helper-enable 
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ip mcast-stub upstream 


Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in 
multicast stub upstream mode. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a 
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the 
router's unicast route table, the IGMP host function is dynamically enabled and the interface becomes the 
active upstream interface, enabling the router to perform as an IGMP proxy. Though multiple interfaces 
may be candidates, no more than one interface will actively serve as the helper forwarding interface. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub downstream on page 1698 
for more information. 


Usage Examples 





The following example enables multicast forwarding on the interface: 


(config)#interface loopback 1 
(config-loop 1)#ip mcast-stub upstream 
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ip ospf 


Use the ip ospf command to customize OSPF settings (if needed). Use the no form of these commands to 
return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


retransmit-interval <seconds> 
transmit-delay <seconds> 
hello-interval <seconds> 
dead-interval <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 


Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 
1 to 65,535. 


Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 32,767 
seconds. 


Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 32,767 seconds. 


Configures OSPF Message Digest 5 (MD5) authentication 
(16-byte max) keys. 
Sets the OSPF priority. The value set in this field helps 


determine the designated router for this network. Range is 
0 to 255. 


Specifies the interval (in seconds) between link-state 
advertisements (LSAs). Range is 0 to 32,767 seconds. 


Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 32,767 seconds. 


5 seconds 

1 second 

10 seconds: Ethernet, point-to-point, Frame Relay, and PPP 
40 seconds 
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Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of seconds allowed between hello packets to 25,000: 


(config)#interface loopback 1 
(config-loop 1)#ip ospf dead-interval 25000 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing OSPF 
authentication. Use the no form of this command to return to the default setting. Variations of this 
command include: 


ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Specifies the message-digest authentication type. 
null Optional. Specifies for no authentication to be used. 


Default Values 





By default, this is set to null (meaning no authentication is used). 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example specifies that no authentication will be used on the loopback interface: 


(config)#interface loopback 1 
(config-loop 1)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Sets the network type for broadcast. 
point-to-point Sets the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point. 


Command History 


Release 3.1 Command was introduced. 


Functional Notes 





A point-to-point network will not elect designated routers. 


Usage Examples 


The following example designates a broadcast network type: 


(config)#interface loopback 1 
(config-loop 1)#ip ospf network broadcast 
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ip pim sparse-mode 


Use the ip pim sparse-mode command to enable protocol-independent multicast (PIM) sparse mode for 
this interface. Use the no form of this command to disable PIM sparse mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, PIM sparse mode for this interface is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table. It builds 
unidirectional shared trees rooted at a Rendezvous Point (RP) for a multicast group or a shortest-path tree 
rooted at a specific source for a multicast group. 


Usage Examples 





The following example enables PIM sparse mode on the interface: 


(config)#interface loopback 1 
(config-loop 1)#ip pim sparse-mode 
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ip pim-sparse dr-priority <va/ue> 
Use the ip pim-sparse dr-priority command to specify the priority for the designated router (DR). This 


command modifies the routers priority in the DR election process. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Specifies the priority of this interface (to be used when determining the DR). 
Valid range is 1 to 4,294,967,295. 


Default Values 





By default, the priority of all PIM interfaces is 1. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Interfaces advertise their configured priority values in the hello messages transmitted on the interface. 
Routers use the priority values to determine the appropriate DR. The router on the network segment with 
the highest priority is selected as the DR. If a hello message is received on the interface from a router on 
the network segment and it does not contain a priority, the entire network segment defaults to DR selection 
based on IP addresses instead of priority. In this instance, the DR is selected as the router on the network 
segment that has the highest IP address. AOS will always include a priority in all transmitted hello 
messages. If no priority is specifically designated by the user, the priority is set as the default of 1. 


Usage Examples 





The following example specifies a priority of 100 on the Loopback 1 interface: 


(config)#interface loopback 1 
(config-loop 1)#ip pim-sparse dr-priority 100 
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ip pim-sparse hello-timer <va/ue> 
Use the ip pim-sparse hello-timer command to specify protocol-independent multicast (PIM) sparse hello 


timer period. This is the time interval at which periodic hellos are sent out on all interfaces of a 
PIM-capable router. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the interval (in seconds) at which periodic hellos are sent out of 
the interface. Valid range is 10 to 3600 seconds. 


Default Values 





By default, the hellos are transmitted on PIM interfaces every 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Hello messages are used to inform neighbors of a router’s presence. Hello messages normally generate a 
small amount of traffic on an interface. Setting the hello-timer to a small interval increases the number of 
hellos sent (thus increasing the amount of traffic). Set the hello-timer to a reasonable value, taking into 
consideration the bandwidth available on the interface. 


Usage Examples 





The following example specifies hellos be sent on the Loopback 1 interface every 3600 seconds: 


(config)#interface loopback 1 
(config-loop 1)#ip pim-sparse hello-timer 3600 
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ip pim-sparse nbr-timeout <va/ue> 
Use the ip pim-sparse nbr-timeout command to specify protocol-independent multicast (PIM) sparse 


neighbor timeout. This is the time interval after which a PIM-capable router will consider a neighbor not 
present. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the time interval in seconds after which a neighbor is considered 
not present. Valid range is 30 to 10,800 seconds. 


Default Values 





By default, the PIM sparse neighbor timeout is set to 105 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the nbr-timeout to 300 seconds: 


(config)#interface loopback 1 
(config-loop 1)#ip pim-sparse nbr-timeout 300 
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ip pim-sparse override-interval <va/ue> 
Use the ip pim-sparse override-interval command to specify the protocol-independent multicast (PIM) 


sparse join/prune override interval. This delay interval is the period after a join/prune that another router on 
the LAN may override a join/prune. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the delay time in milliseconds. Valid range is 0 to 
65,535 milliseconds. 


Default Values 





By default, the override interval is set to 2500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the override interval to 3000 milliseconds: 


(config)#interface loopback 1 
(config-loop 1)#ip pim-sparse override-interval 3000 
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ip pim-sparse propagation-delay <va/ue> 
Use the ip pim-sparse propagation-delay command to specify the expected propagation delay for 


join/prune messages. Set the propagation delay (in milliseconds) to estimate the amount of delay found in 
the local link. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the expected propagation delay in the local link in milliseconds. 
Valid range is 0 to 32,767 milliseconds. 


Default Values 





By default, the propagation delay is set to 500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the propagation delay to 300 milliseconds: 


(config)#interface loopback 1 
(config-loop 1)#ip pim-sparse propagation-delay 300 
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ip policy route-map <name> 


Use the ip policy route-map command to assign a policy route-map to this interface. Use the no form of 
this command to remove the route-map policy. 


Syntax Description 


<name> Specifies the name of the policy route map to assign to this interface. 


Default Values 





By default, no policy route map is assigned to this interface. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example assigns the policy route map policy1 to the interface: 


(config)#interface loopback 1 
(config-loop 1)#ip policy route-map policy1 
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ip proxy-arp 


Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use 
the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field 
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy-arp is enabled, AOS will respond to all proxy-arp requests with its specified MAC address and 
forward packets accordingly. 


Enabling proxy-arp on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following enables proxy ARP on the loopback interface: 


(config)#interface loopback 1 
(config-loop 1)#ip proxy-arp 
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ip rip receive version 


Use the ip rip receive version command to configure the Routing Information Protocol (RIP) version the 
unit accepts in all RIP packets received on the interface. Use the no form of this command to return to the 
default setting. Variations of this command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Accepts only received RIP version 1 packets on the interface. 
2 Accepts only received RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use the ip rip receive version to specify a RIP version that overrides the version (in the Router RIP) 
configuration. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the loopback interface to accept only RIP version 2 packets: 


(config)#interface loopback 1 
(config-loop 1)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the Routing Information Protocol (RIP) version the 
unit sends in all RIP packets transmitted on the interface. Use the no form of this command to return to the 
default setting. Variations of this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Transmits only RIP version 1 packets on the interface. 
2 Transmits only RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use the ip rip send version to specify a RIP version that overrides the version (in the Router RIP) 
configuration. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the loopback interface to transmit only RIP version 2 packets: 


(config)#interface loopback 1 
(config-loop 1)#ip rip send version 2 
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ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface loopback 1 
(config-loopback 1)#ip rip summary-address 10.10.123.0 255.255.255.0 
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ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


Wo Using Network Address Translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP 
route-cache is enabled for all virtual PPP interfaces. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 


Fast switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast switching on the loopback interface: 


(config)#interface loopback 1 
(config-loop 1)#ip route-cache 
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ip unnumbered </nterface> 
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP 


processing on the active interface. Use the no form of this command to remove the unnumbered 
configuration. 


Syntax Description 





<interface> Specifies an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1tap 1/1.1. Type ip unnumbered ? for a complete list of valid 
interfaces. 


Default Values 





By default, all interfaces are configured to use a specified IP address (using the ip address commana). 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command was expanded to include demand interfaces. 


Functional Notes 





If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address 
taken from the specified interface. For example, specifying ip unnumbered ppp 1 while in the Ethernet 
Interface Configuration mode configures the Ethernet interface to use the IP address assigned to the PPP 
interface for all IP processing. In addition, AOS uses the specified interface information when sending 
route updates over the unnumbered interface. 


Usage Examples 





The following example configures the loopback interface (labeled loop 1) to use the IP address assigned 
to the PPP interface (ppp 1): 


(config)#interface loopback 1 
(config-loop 1)#ip unnumbered ppp 1 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a URL filter to the interface for all inbound or outbound traffic. Use 
the no form of this command to remove the URL filter from an interface. Variations of this command 
include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <filtername> http command before applying it to the interface. 
Refer to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Example 





The following example performs URL filtering on all traffic entering through the loopback interface (labeled 
loop 1) and matches the URL filter named MyFilter: 


(config)#interface loopback 1 
(config-loop 1)#ip urlfilter MyFilter in 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VRF instance. Use the no form of 
the command to remove the interface from the named VRF instance and assign it to the unnamed default 
VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP related 
UT settings on that interface. 


Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF which is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF but multiple interfaces can be assigned to the same VRF. 


An interface will only forward |P-traffic that matches its associated VRF. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 


Usage Examples 


The following example assigns the eth 0/1 interface to the VRF instance named RED: 


(config)#interface eth 0/1 
(config-eth 0/1)#ip vrf forwarding RED 
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mtu <size> 


Use the mtu command to configure the maximum transmit unit size for the active interface. Use the no 
form of this command to return to the default value. 


Syntax Description 





<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





OSPF will not become adjacent on links where the MTU sizes do not match. If router A and router B are 
exchanging hello packets but their MTU sizes do not match, they will never reach adjacency. This is by 
design and required by the RFC. 


Usage Examples 





The following example specifies an MTU of 1200 on the loopback interface: 


(config)#interface loopback 1 
(config-loop 1)#mtu 1200 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VQM is enabled on all WAN and LAN interfaces. 





Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on the loopback interface: 


(config)#interface loopback 1 
(config-loopback 1)#rtp quality-monitoring 
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snmp trap 


Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) 
traps on the interface. Use the no form of this command to disable this trap. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps 
enabled. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include port channel and VLAN interfaces. 

Release 8.1 Command was expanded to the ATM interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example enables SNMP capability on the loopback interface: 


(config)#interface loopback 1 
(config-loopback 1)#snmp trap 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 

Release 17.2 Command was expanded to the cellular interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the loopback interface: 


(config)#interface loopback 1 
(config-loop 1)#no snmp trap link-status 
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PORT CHANNEL INTERFACE CONFIG COMMAND SET 





To create a virtual link aggregation interface and/or activate the Port Channel Interface Configuration 
mode, enter the interface port-channel command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface port-channel 1 
(config-p-chan1 )# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


arp arpa on page 1726 

lldp receive on page 1727 

lldp send on page 1728 

gos on page 1730 

snmp trap on page 1731 

snmp trap link-status on page 1732 

spanning tree commands begin on page 1733 
storm-control action shutdown on page 1739 
storm-control on page 1740 


switchport commands begin on page 1742 
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arp arpa 


Use the arp arpa command to set ARPA as the standard address resolution protocol (ARP) on this 
interface. Use the no form of this command to return to the default setting. 


Syntax Description 


No subcommanads. 


Default Values 





The default for this command is arpa. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example enables standard ARP for the port channel interface: 


(config)#interface port-channel 1 
(config-p-chan1)#arp arpa 
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lldp receive 


Use the Ildp receive command to allow LLDP packets to be received on this interface. Use the no form of 
this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces are configured to send and receive LLDP packets. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example configures the port channel interface to receive LLDP packets: 


(config)#interface port-channel 1 
(config-p-chan1)#lldp receive 
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lldp send 


Use the Ildp send command to configure this interface to transmit LLDP packets or to control the types of 
information contained in the LLDP packets transmitted by this interface. Use the no form of these 
command to disable these features. Variations of this command include: 


lldp send management-address 
lldp send port-description 

lldp send system-capabilities 
lldp send system-description 
lldp send system-name 

lldp send-and-receive 


Syntax Description 





management-address Enables transmission of management address information on this interface. 
port-description Enables transmission of port description information on this interface. 
system-capabilities Enables transmission of this device’s system capabilities on this interface. 
system-description Enables transmission of this device’s system description on this interface. 
system-name Enables transmission of this device’s system name on this interface. 
and-receive Configures this interface to both transmit and receive LLDP packets. 


Default Values 





By default, all interfaces are configured to transmit and receive LLDP packets of all types. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Individual LLDP information can be enabled or disabled using the various forms of the Ildp send 
command. For example, use the Ildp send and-receive command to enable transmit and receive of all 
LLDP information. Then use the no Ildp send port-description command to prevent LLDP from 
transmitting port description information. 
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Usage Examples 





The following example configures the port channel interface to transmit LLDP packets containing all 
enabled information types: 


(config)#interface port-channel 1 

(config-p-chan1)#lIldp send 

The following example configures the port channel interface to transmit and receive LLDP packets 
containing all information types: 


(config)#interface port-channel 1 
(config-p-chan1)#lldp send and-receive 
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qos 


Use the qos command to set the interface to the trusted state and to set the default Class of Service (CoS) 
value. To return to defaults, use the no version of this command. Variations of this command include: 


qos default-cos <value> 
qos trust cos 


Syntax Description 





default-cos <value> Sets the default CoS value for untrusted ports and all untagged packets. 
Range is 0 to 7. 
trust cos Sets the interface to the trusted state. 


Default Values 





By default, the interface is untrusted with a default CoS of 0. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Set the interface to trust cos if received 802.1P CoS values are considered valid (i.e., no need to 
reclassify) and do not need to be tagged with the default value. When set to untrusted, the default-cos 
value for the interface is used. 


Usage Examples 





The following example sets port channel 1 as a trusted interface and assigns untagged packets a CoS 
value of 1: 


(config)#interface port-channel 1 
(config-p-chan1)#qos trust cos 
(config-p-chan1)#qos default-cos 1 
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snmp trap 


Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) 
traps on the interface. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps 
enabled. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include port channel and VLAN interfaces. 

Release 8.1 Command was expanded to the ATM interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example enables SNMP capability on the port channel interface: 


(config)#interface port-channel 1 
(config-p-chan1)#snmp trap 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 

Release 17.2 Command was expanded to the cellular interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the port channel interface: 


(config)#interface port-channel 1 
(config-p-chan1)#no snmp trap link-status 
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spanning-tree bpdufilter 


Use the spanning-tree bpdufilter command to enable or disable the BPDU filter on a specific interface. 
This setting overrides the related global setting (refer to spanning-tree edgeport default on page 932). Use 
the no version of the command to return to the default setting. Variations of this command include: 


spanning-tree bpdufilter disable 
spanning-tree bpdufilter enable 


Syntax Description 





disable Disables BPDU filter for this interface. 
enable Enables BPDU filter for this interface. 


Default Values 





By default, this setting is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The bpdufilter blocks any BPDUs from being transmitted and received on an interface. 


Usage Examples 

The following example enables the BPDU filter on the port channel interface: 
(config)#interface port-channel 3 

(config-p-chan3)#spanning-tree bpdufilter enable 

The BPDU filter can be disabled on port channel 3 by issuing the following commands: 


(config)#interface port-channel 3 
(config-p-chan3)#spanning-tree bpdufilter disable 
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spanning-tree bpduguard 


Use the spanning-tree bpduguard command to enable or disable the BPDU guard on a specific interface. 
This setting overrides the related global setting (refer to spanning-tree edgeport default on page 932). Use 
the no version of the command to return to the default setting. Variations of this command include: 


spanning-tree bpduguard disable 
spanning-tree bpduguard enable 


Syntax Description 





disable Disables BPDU guard for this interface. 
enable Enables BPDU guard for this interface. 


Default Values 





By default, this setting is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The bpduguard blocks any BPDUs from being received on an interface. 


Usage Examples 

The following example enables the BPDU guard on the port channel interface: 
(config)#interface port-channel 3 

(config-p-chan3)#spanning-tree bpduguard enable 

The BPDU guard can be disabled on port channel 3 by issuing the following commands: 


(config)#interface port-channel 3 
(config-p-chan3)#spanning-tree bpduguard disable 
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spanning-tree cost <value> 


Use the spanning-tree cost command to assign a cost to the interface. The cost value is used when 
computing the spanning-tree root path. Use the no version of the command to return to the default setting. 


Syntax Description 


<value> Specifies a cost value of 1 to 200,000,000. 


Default Values 





By default, the cost value is set to 1000/(link speed in Mbps). 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the interface to a path cost of 1200: 


(config)#interface port-channel 3 
(config-p-chan3)#spanning-tree cost 1200 
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spanning-tree edgeport 
Use the spanning-tree edgeport command to configure the interface to be an edgeport. This command 


overrides the Global setting (refer to spanning-tree edgeport default on page 932). Use the no version of 
the command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this setting is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Enabling this command configures the interface to go to a forwarding state when the link goes up. 


Usage Examples 





The following example configures the interface to be an edgeport: 

(config)#interface port-channel 1 

(config-p-chan1)#spanning-tree edgeport 

An individual interface can be configured to not be considered an edgeport. For example: 
(config)#interface port-channel 1 

(config-p-chan1)#spanning-tree edgeport disable 

or 


(config)#interface port-channel 1 
(config-p-chan1)#no spanning-tree edgeport 
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spanning-tree link-type 


Use the spanning-tree link-type command to configure the spanning tree protocol link type for each 
interface. Use the no version of the command to return to the default setting. Variations of this command 
include: 


spanning-tree link-type auto 
spanning-tree link-type point-to-point 
spanning-tree link-type shared 


Syntax Description 





auto Determines link type by the port’s duplex settings. 
point-to-point Manually sets link type to point-to-point, regardless of duplex settings. 
shared Manually sets link type to shared, regardless of duplex settings. 


Default Values 





By default, the interface is set to auto. 


Command History 


Release 5.1 Command was introduced. 


Functional Notes 





This command overrides the default link type setting determined by the duplex of the individual port. By 
default, a port configured for half-duplex is set to shared link type, and a port configured for full-duplex is 
set to point-to-point link type. Setting the link type manually overrides the default and forces the port to 
use the specified link type. Use the link-type auto command to restore the convention of determining link 
type based on duplex settings. 


Usage Examples 





The following example forces the link type to point-to-point, even if the port is configured to be 
half-duplex: 


(config)#interface port-channel 1 
(config-p-chan1)#spanning-tree link-type point-to-point 


Technology Review 


Rapid transitions are possible in RSTP (rapid spanning-tree protocol) by taking advantage of point-to-point 
links (a port is connected to exactly one other bridge) and edge-port connections (a port is not connected 
to any additional bridges). Setting the link type to point-to-point allows a half-duplex link to act as if it were 
a point-to-point link. 
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spanning-tree port-priority <va/ue> 


Use the spanning-tree port-priority command to select the priority level of this interface. To return to the 
default setting, use the no version of this command. 


Syntax Description 


<value> Specifies a priority-level value from 0 to 240 (this value must be in 
increments of 16). 


Default Values 





By default, the spanning-tree port-priority is set to 128. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The only time that this priority level is used is when two interfaces with a path to the root have equal cost. 
At that point, the level set in this command will determine which port the spanning-tree will use. Set the 
priority value lower to increase the chance the interface will be used. 


Usage Examples 





The following example sets the interface to a priority of 96: 


(config)#interface port-channel 4 
(config-p-chan4)#spanning-tree port-priority 96 
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storm-control action shutdown 


Use the storm-control action shutdown command to specify that the unit should shutdown when a 
broadcast, multicast, or unicast storm occurs. To disable the option, use the no version of this command. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled; the interface will only filter traffic. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Enabling this option shuts down the interface if a multicast, unicast, or broadcast storm occurs. 


Usage Examples 





The following example shuts down the port channel interface if a storm is detected: 


(config)#interface port-channel 1 
(config-p-chan1)#storm-control action shutdown 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1739 


Command Reference Guide Port Channel Interface Config Command Set 





storm-control 


Use the storm-control command to configure limits on the rates of broadcast, multicast, and unicast traffic 
on a port. To disable storm-control, use the no version of this command. Variations of this command 
include: 


storm-control broadcast level <rising level> 
storm-control broadcast level <rising level> <falling level> 
storm-control multicast level <rising level> 
storm-control multicast level <rising level> <falling level> 
storm-control unicast level <rising level> 

storm-control unicast level <rising level> <falling level> 


Syntax Description 





broadcast level Sets levels for broadcast traffic. 

multicast level Sets levels for multicast traffic. 

unicast level Sets levels for unicast traffic. 

<rising level> Specifies a rising level which determines the percentage of total bandwidth 
the port accepts before it begins blocking packets. Range is 1 to 100 
percent. 

<falling level> Optional. Specifies a falling level which determines when the storm is 


considered over, causing AOS to no longer block packets. This level must 
be less than the rising level. Range is 1 to 100 percent. 


Default Values 





By default, storm control is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





This setting configures the rising and falling suppression values. When the selected rising level (which is a 
percentage of total bandwidth) is reached, the port begins blocking packets of the specified type (i.e., 
broadcast, multicast, or unicast). AOS uses the rising level as its falling level if no falling level is specified. 
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Usage Examples 





The following example sets the rising suppression level to 85 percent for multicast packets: 
(config)#interface port-channel 1 

(config-p-chan1)#storm-control multicast level 85 

The following example sets the rising suppression level to 80 percent for broadcast packets, with a falling 


level of 50 percent: 


(config)#interface port-channel 1 
(config-p-chan1)#storm-control broadcast level 80 50 
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switchport access vlan <vian id> 


Use the switchport access vlan command to set the port to be a member of the VLAN when in access 
mode. To reset the port to be a member of the default VLAN, use the no version of this command. 


Syntax Description 


<vian id> Specifies a valid VLAN interface ID. Range is 1 to 4094. 


Default Values 
By default, this is set to VLAN 1 (the default VLAN). 





Command History 





Release 5.1 Command was introduced. 


Functional Notes 





If the port is in the trunk mode, this command will not alter the switchport mode to access. Instead it will 
save the value to be applied when the port does switch to access mode. Refer to switchport mode on page 
1744 for more information. 


Usage Examples 





The following example sets the switchport mode to static-access and makes the port channel 1 a member 
of VLAN 2: 


(config)#interface port-channel 1 
(config-p-chan1)#switchport mode access 
(config-p-chan1)#switchport access vlan 2 
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switchport gvrp 


Use the switchport gvrp command to enable GARP VLAN Registration Protocol (GVRP) on an interface. 
Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 
By default, GVRP is disabled on all ports. 





Command History 





Release 8.1 Command was introduced. 


Functional Notes 





Enabling GVRP on any interface enables GVRP globally. 


Usage Examples 





The following example enables GVRP on port channel 3: 


(config)#interface port-channel 3 
(config-p-chan3)#switchport gvrp 
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switchport mode 


Use the switchport mode command to configure the VLAN membership mode. To reset membership 
mode to the default value, use the no version of this command. Variations of this command include: 


switchport mode access 
switchport mode trunk 


Syntax Description 





access Sets port to be a single (non-trunked) port that transmits and receives no 
tagged packets. 
trunk Sets port to transmit and receive packets on all VLANs included within its 


VLAN allowed list. 


Default Values 





By default, this is set to access. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the port to be a trunk port: 


(config)#interface port-channel 1 
(config-p-chan1)#switchport mode trunk 
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switchport trunk allowed vian 


Use the switchport trunk allowed vlan command to allow certain VLANs to transmit and receive traffic 
on this port when the interface is in trunking mode. To return to defaults, use the no version of this 
command. Variations of this command include: 


switchport trunk allowed vlan </ist> 
switchport trunk allowed vian add </ist> 
switchport trunk allowed vlan all 
switchport trunk allowed vlan except </ist> 
switchport trunk allowed vlan remove </ist> 


Syntax Description 





add Adds the specified VLAN IDs to the VLAN trunking allowed list. 

all Adds all configured VLAN IDs to the VLAN trunking allowed list. 

except Adds all configured VLAN IDs to the VLAN trunking allowed list except 
those specified in the VLAN ID list. 

remove Removes VLAN IDs from the VLAN trunking allowed list. 

<list> Specifies a list of valid VLAN interface IDs. Refer to Functional Notes below 


for additional syntax considerations. 


Default Values 





By default, all valid VLANs are allowed. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 


A VLAN list is a set of VLAN IDs. A valid VLAN ID value must be from 1 to 4094 (inclusive). Each VLAN ID 
in a list is delimited by commas, yet a range of IDs may be expressed as a single element by using a 
hyphen between endpoints. For example the VLAN ID range 1,2,3,4,6,7,8,9,500 may be more easily 
expressed as 1-4,6-9,500. No spaces are allowed in a valid ID range. 





Usage Examples 





The following example adds VLANs to the previously existing list of VLANs allowed to transmit and receive 
on this port: 


(config)#interface port-channel 1 
(config-p-chan1)#switchport trunk allowed vian add 1-4,7-9,500 
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switchport trunk fixed vian 


Use the switchport trunk fixed vlan command to change the configured list of VLANs that remain fixed 
in use only when GVRP is enabled on the interface. Of these VLANs, VLANs statically or dynamically 
created will be available for use on the interface. Use the no form of this command to return to the default 
setting. Variations of this command include: 


switchport trunk fixed vlan </ist> 
switchport trunk fixed vlan add </ist> 
switchport trunk fixed vlan all 
switchport trunk fixed vlan except </ist> 
switchport trunk fixed vlan remove </ist> 


Syntax Description 





add Adds VLANs to the VLAN GVRP trunking fixed list. 

all Adds all VLANs to the VLAN GVRP trunking fixed list. 

except Adds all VLAN IDs to the VLAN trunking fixed list except those in the 
command line VLAN ID list. 

none Removes all VLANs from the VLAN GVRP trunking fixed list. 

remove Removes VLAN from the VLAN trunking fixed list. 

<list> Specifies a list of valid VLAN interface IDs. Refer to Functional Notes below 


for additional syntax considerations. 


Default Values 





By default, no VLANs are in the VLAN GVRP trunking fixed list (switchport trunk fixed vlan none). 


Command History 


Release 8.1 Command was introduced. 


Functional Notes 





This command has no effect on VLAN membership configuration unless GVRP is enabled on the interface. 
Refer to gvrp on page 669 for information on enabling GVRP. 


A VLAN list is a set of VLAN IDs. A valid VLAN ID value must be from 1 to 4094 (inclusive). Each VLAN ID 
in a list is delimited by commas, yet a range of IDs may be expressed as a single element by using a 
hyphen between endpoints. For example the VLAN ID range 1,2,3,4,6,7,8,9,500 may be more easily 
expressed as 1-4,6-9,500. No spaces are allowed in a valid ID range. 
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Usage Examples 





The following example changes the configured list of fixed VLANs by adding VLAN 50 to the list: 


config-p-chan1 
config-p-chan1 
config-p-chan1 
config-p-chan1 


#switchport trunk fixed vian add 1-15,25-30,40 
# 

#switchport trunk fixed vlan add 50 

# 


aN aN 
YS wa WY WH 
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switchport trunk native vlan <vian id> 


Use the switchport trunk native vlan command to set the VLAN native to the interface when the 
interface is in trunking mode. To return to defaults, use the no version of this command. 


Syntax Description 
<vian id> Specifies a valid VLAN interface ID. Range is 1 to 4094. 


Default Values 





By default, switchport trunk native vian is set to VLAN 1. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Configure which VLAN the interface uses as its native VLAN during trunking. Packets from this VLAN 
leaving the interface will not be tagged with the VLAN number. Any untagged packets received by the 
interface are considered a part of the native VLAN ID. 


Usage Examples 





The following example sets the native VLAN on port channel 1 to VLAN 2: 


(config)#interface port-channel 1 
(config-p-chan1)#switchport trunk native vlan 2 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1748 


Command Reference Guide PPP Interface Configuration Command Set 





PPP INTERFACE CONFIGURATION COMMAND SET 


To create a virtual point-to-point protocol (PPP) interface and/or activate the PPP Interface Configuration 
mode, enter the interface ppp command at the Global Configuration mode prompt. For example: 


>enable 
#configure terminal 
(config)#interface ppp 1 


(config-ppp 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1751 

acfc accept-compressed on page 1752 

alias link “<text>” on page 1753 

bandwidth <value> on page 1754 

bridge-group commands begin on page 1755 
crypto map <name> on page 1757 

dial-backup commands begin on page 1759 
dynamic-dns on page 1775 

fair-queue on page 1777 

hold-queue <value> out on page 1778 

ip commands begin on page 1779 

keepalive <value> on page 1815 

lldp receive on page 1816 

lldp send on page 1817 
max-reserved-bandwidth <value> on page 1819 
media-gateway ip on page 1820 

mtu <size> on page 1821 

peer default ip address <ip address> on page 1522 
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ppp commands begin on page 1823 

Dppoe ac-name <name> on page 1833 
pppoe service-name <name> on page 1834 
qos-policy on page 1835 

rtp quality-monitoring on page 1837 

snmp trap link-status on page 1838 


username <username> password <password> on page 1839 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case-sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





To assign an access policy to an interface, enter the interface configuration mode for the desired interface 
and enter access-policy <policy name>. 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
the PPP interface 1: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with the PPP interface 1: 


(config)#interface ppp 1 
(config-ppp 1)#access-policy Private 
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acfc accept-compressed 


Use the acfc accept-compressed command to enable accepting header compressed frames even if 
compression is not negotiated. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example enables accepting compressed frames: 


(config)#interface ppp 1 
(config-ppp 1)#ppp acfc accept-compressed 
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alias link “<text>” 


Use the alias link command to provide the management station with an identifying description for each 
link (PPP physical). Each configured PPP interface (when referenced using SNMP) contains a link 
(physical port) and a bundle (group of links). RFC 1471 (for Link Connection Protocol) provides an 
interface table to manage lists of bundles and associated links. Use the no form of this command to return 
to the default setting. 


Syntax Description 





“<text>” Describes the interface (for SNMP) by alphanumeric character string (must 
be encased in quotation marks). 


Default Values 





By default, the PPP identification string appears as empty quotes. (“ “) 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





The alias link string should be used to uniquely identify a PPP link. Enter a string that clearly identifies the 
link. 


Usage Examples 





The following example defines a unique character string for the virtual PPP interface (1): 
(config)#interface ppp 1 

(config-ppp 1)#alias link “PPP_link_1” 

Technology Review 


Please refer to RFC1990 for a more detailed discussion on PPP links and bundles. 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 
<value> Specifies the bandwidth value in kbps. Range is 1 to 4294967295 kbps. 


Default Values 





To view default values, use the show interfaces command. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher-level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of the PPP interface to 10 Mbps: 


(config)#interface ppp 1 
(config-ppp 1)#bandwidth 10000 
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bridge-group <number> 
Use the bridge-group command to assign an interface to the specified bridge group. This command is 


supported on all Ethernet interfaces, PPP virtual interfaces, and Frame Relay virtual subinterfaces. Use the 
no form of this command to remove an interface. 


Syntax Description 





<number> Specifies the bridge group (by number) to which to assign this interface. 
Range is 1 to 255. 


Default Values 





By default, there are no configured bridge groups. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





A bridged network can provide excellent traffic management to reduce collisions and limit the amount of 
bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can 
be bridged (Ethernet to T1 bridge, Ethernet to Frame Relay subinterface, etc.). 


Usage Examples 





The following example assigns the PPP interface to bridge-group 1: 


(config)#interface ppp 1 
(config-ppp 1)#bridge-group 1 
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bridge-group <number> vian-transparent 


Use the bridge-group vlan-transparent command to prevent an interface from removing the VLAN tag. 
Use the no form of this command to allow the interface to remove the VLAN tag from the packet. 





Wor The bridge-group vlan-transparent command is not a global command. The command 


must be applied on all interfaces of the bridge group. 





Syntax Description 





<number> Specifies the bridge group number. Valid range is 1 to 255. 


Default Values 


By default, VLAN tags are removed from the data. 


Command History 





Release 12.1 Command was introduced. 


Release 14.1 Command was expanded to include the HDLC interface and Frame Relay 
subinterface. 


Usage Examples 





The following example prevents the removal of VLAN tags from the packets on the PPP interface 
labeled 1: 


config)#interface ppp 1 
(config-ppp 1)#bridge-group 1 vian-transparent 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1756 


Command Reference Guide PPP Interface Configuration Command Set 





crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps which 
share the same name but have different map index numbers. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Assigns a crypto map name to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep 
the following notes in mind. 


When defining the policy class and associated access-control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted) it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local-side, 
unencrypted source of the data. The destination information will be the far end, unencrypted destination of 
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy 
class is the far end. The destination information is the local side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to the PPP interface: 


(config)#interface ppp 1 
(config-ppp 1)#crypto map MyMap 
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dial-backup auto-backup 


Use the dial-backup auto-backup command to configure the interface to automatically attempt a 
dial-backup upon failure. Use the no form of this command to disable this feature. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
dial-backup call-mode on page 1762. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically attempt dial-backup upon a failure. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example enables automatic dial-backup on the endpoint: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup auto-backup 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1759 


Command Reference Guide PPP Interface Configuration Command Set 





dial-backup auto-restore 


Use the dial-backup auto-restore command to configure the interface to automatically discontinue 
dial-backup when all network conditions are operational. Use the no form of this command to disable the 
auto-restore feature. For more detailed information on dial-backup functionality, refer to the Functional 
Notes and Technology Review sections of dial-backup call-mode on page 1762. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically restore the primary connection when the failure 
condition clears. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to automatically restore the primary connection when the failure 
condition clears: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup auto-restore 
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dial-backup backup-delay <value> 


Use the dial-backup backup-delay command to configure the amount of time the router will wait after the 
failure condition is recognized before attempting to backup the link. Use the no form of this command to 
return to the default value. For more detailed information on dial-backup functionality, refer to the 
Functional Notes and Technology Review sections of dial-backup call-mode on page 1762. 


Syntax Description 





<value> Specifies the delay period (in seconds) a failure must be active before AOS 
will enter backup operation on the interface. Range is 10 to 86400 seconds. 


Default Values 





By default, the dial-backup backup-delay period is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to wait 60 seconds (on an endpoint with an active alarm condition) 
before attempting dial-backup operation: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup backup-delay 60 
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dial-backup call-mode 


Use the dial-backup call-mode command to specify whether the configured backup interface answers or 
originates (or a combination of both ) backup calls. Use the no form of this command to return to the 
default value. Variations of this command include: 


dial-backup call-mode answer 

dial-backup call-mode answer-always 
dial-backup call-mode originate 

dial-backup call-mode originate-answer 
dial-backup call-mode originate-answer-always 


Syntax Description 





answer Answers and backs up primary link on failure. 
answer-always Answers and backs up regardless of primary link state. 
originate Originates backup call on primary link failure. 
originate-answer Originates or answers call on primary link failure. 


originate-answer-always Originates on failure; answers and backs up always. 


Default Values 





By default, the dial-backup call-mode is set to originate-answer. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Functional Notes 





The majority of the configuration for AOS dial-backup implementation is configured via the dial-backup 
PPP interface configuration commands. However, the numbers dialed are configured in the primary 
interface. Full sample configurations follow: 


Sample configuration for remote router (dialing out) 


hostname “Remote3200” 

enable password adtran 

| 

interface eth 0/1 

ip address 192.168.1.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 


interface t1 1/1 
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coding b8zs 

framing esf 

clock source line 

tdm-group 1 timeslots 1-24 

no shutdown 

| 

interface fr 1 point-to-point 

frame-relay Imi-type ansi 

no shutdown 

cross-connect 1 t1 1/1 1 fr 1 

| 

interface fr 1.16 point-to-point 

frame-relay interface-dlci 16 

ip address 10.1.1.2 255.255.255.252 

dial-backup call-mode originate 

dial-backup number 5551111 analog ppp1 

dial-backup number 5552222 analog ppp1 
no shutdown 

| 


interface ppp 1 

ip address 172.22.56.1 255.255.255.252 

ppp authentication chap 

username remoter outer password remotepass 
ppp chap hostname localrouter 

ppp chap password adtran 

no shutdown 

| 

ip route 192.168.2.0 255.255.255.0 172.22.56.2 255.255.255.252 
| 

line telnet 0 4 

password password 


Sample configuration for central router (dialing in) 


hostname “Central3200” 

enable password adtran 

| 

interface eth 0/1 

ip address 192.168.100.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 


interface t1 1/1 
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coding b8zs 

framing esf 

clock source line 

tdm-group 1 timeslots 1-24 

no shutdown 

| 
interface fr 1 point-to-point 
frame-relay Imi-type ansi 

no shutdown 

cross-connect 1 t1 1/1 1 fr 1 

| 

interface fr 1.100 point-to-point 
frame-relay interface-dici 100 

ip address 10.1.1.1 255.255.255.252 
dial-backup call-mode answer 
dial-backup number 555-8888 analog ppp 1 
| 

interface ppp 1 

ip address 172.22.56.2 255.255.255.252 
ppp authentication chap 

username localrouter password adtran 
ppp chap hostname remoterouter 

ppp chap password remotepass 

no shutdown 

| 


ip route 192.168.1.0 255.255.255.0 172.22.56.1 255.255.255.252 


line telnet 0 4 
password password 


Usage Examples 





The following example configures AOS to generate backup calls for this endpoint using an analog modem 
interface (to phone number 555 1111) but never answer calls and specifies ppp 2 as the backup interface: 


(config)#interface ppp 1 
(config-ppp 1)#backup call-mode originate 
(config-ppp 1)#backup number 555 1111 analog ppp 2 
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Technology Review 





This technology review provides information regarding specific dial-backup router behavior (i.e., when the 
router will perform dial-backup, where in the configuration AOS accesses specific routing information, etc.): 


Dialing Out 
1. AOS determines to place an outbound call when either the Layer 1 or Layer 2 has a failure. 


2. When placing outbound calls, AOS matches the number dialed to a PPP interface. This is accomplished 
with an addition to the dial-backup number command (refer to dial-backup number <number> on page 
1769). 


3. When placing the call, AOS uses the configuration of the related PPP interface for authentication and IP 
negotiation. 


4. If the call fails to connect on the first number dialed, AOS places a call to the second number (if a 
second number is configured). The second number to be dialed references a separate PPP interface. 


Dialing In 
1. AOS receives an inbound call on a physical interface. 
2. Caller ID is used to match the dial-backup number command to the configured PPP interface. 


3. If a match is found, the call connects and AOS pulls down the primary connection if it is not already ina 
down state. 


4. If no match is found from caller ID, the call is terminated. 
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dial-backup connect-timeout <va/ue> 


Use the dial-backup connect-timeout command to specify the number of seconds to wait for a connection 
after a call is attempted before trying to call again or dialing a different number. It is recommended this 
number be greater than 60. Use the no form of this command to return to the default setting. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of dial-backup call-mode on page 1762. 


Syntax Description 





<value> Selects the amount of time (in seconds) that the router will wait for a 
connection before attempting another call. Valid range is 10 to 300 seconds. 


Default Values 





By default, the dial-backup connect-timeout period is set to 60 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to wait 120 seconds before retrying a failed dial-backup call: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup connect-timeout 120 
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dial-backup force 


Use the dial-backup force command to manually override the automatic dial-backup feature. This can be 
used to force a link into backup to allow maintenance to be performed on the primary link without 
disrupting data. Use the no form of this command to return to the normal dial-backup operation state. For 
more detailed information on dial-backup functionality, refer to the Functional Notes and Technology 
Review sections of the command dial-backup call-mode on page 1762. Variations of this command 
include: 


dial-backup force backup 
dial-backup force primary 


Syntax Description 





backup Forces backup regardless of primary link state. 
primary Forces primary link regardless of its state. 


Default Values 


By default, this feature is disabled. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to force this interface into dial-backup: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup force backup 
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dial-backup maximum-retry <value> 


Use the dial-backup maximum-retry command to select the number of calls the router will make when 
attempting to backup a link. Use the no form of this command to return to the default state. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of the command dial-backup call-mode on page 1762. 


Syntax Description 





<value> Selects the number of call retries that will be made after a link failure. Valid 
range is 0 to 15 attempts. 


Setting this value to 0 will allow unlimited retries during the time the network 
is failed. 


Default Values 





By default, dial-backup maximum-retry is set to 0 attempts. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to retry a dial-backup call four times before considering backup 
operation not available: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup maximum-retry 4 
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dial-backup number <number> 


Use the dial-backup number command to configure the phone number and the call type the router will 
dial upon network failure. Multiple entries can be made for an interface to allow alternate sites to be dialed. 
Use the no form of this command to return to the default setting. For more detailed information on 
dial-backup functionality, refer to the Functional Notes and Technology Review sections of the command 
dial-backup call-mode on page 1762. Variations of this command include: 


dial-backup number <number> analog ppp <interface> 
dial-backup number <number> cellular ppp <interface> 
dial-backup number <number> digital-56k <isdn min chan> <isdn max chan> ppp <interface> 
dial-backup number <number> digital 64k <isdn min chan> <isdn max chan> ppp <interface> 


Syntax Description 





<number> Specifies the phone numbers to call when the backup is initiated. 

analog Indicates the number connects to an analog modem. 

cellular Indicates the number connects to a cellular modem. 

digital-56k Indicates the number belongs to a digital 56 kbps per DSO connection. 

digital-64k Indicates the number belongs to a digital 64 kbps per DSO connection. 

<isdn min chan> Specifies the minimum number of DSOs required for a digital 56 or 64 kbps 
connection. Range is 1 to 24 DSOs. 

<isdn max chan> Specifies the maximum number of DSOs desired for a digital 56 or 64 kbps 
connection. Range is 1 to 24 DSOs. 

ppp <interface> Specifies the PPP interface to use as the backup for this interface. For example, 
ppp 1. 


Default Values 





By default, there are no configured dial-backup numbers. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 
Release 17.2 Command was expanded to include cellular connections. 


Usage Examples 





The following example configures AOS to dial 704-555-1212 (digital 64 kbps connection) to initiate 
dial-backup operation for this endpoint using interface PPP 3 backup interface: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup number 7045551212 digital-64k 1 1 ppp 3 
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dial-backup priority <va/ue> 


Use the dial-backup priority command to select the backup priority for this interface. This allows the user 
to establish the highest priority backup link and ensure that link will override backups attempted by lower 
priority links. Use the no form of this command to return to the default value. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1762. 


Syntax Description 





<value> Sets the relative priority of this link. Valid range is 0 to 100. A value of 100 
designates the highest priority. 


Default Values 





By default, dial-backup priority is set to 50. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example assigns the highest priority to this endpoint: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup priority 100 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1770 


Command Reference Guide PPP Interface Configuration Command Set 





dial-backup randomize-timers 


Use the dial-backup randomize-timers command to randomize the call timers to minimize potential 
contention for resources. Use the no form of this command to return to the default value. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1762. 


Syntax Description 





No subcommanas. 


Default Values 





By default, AOS does not randomize the dial-backup call timers. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to randomize the dial-backup timers associated with this endpoint: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup randomize-timers 
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dial-backup redial-delay <value> 


Use the dial-backup redial-delay command to configure the delay after an unsuccessful call until the call 
will be re-tried. Use the no form of this command to return to the default setting. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1762. 


Syntax Description 





<value> Specifies the delay in seconds between attempting to re-dial a failed backup 
attempt. Range is 10 to 3600 seconds. 


Default Values 





By default, dial-backup redial-delay is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures a redial delay of 25 seconds on this endpoint: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup redial-delay 25 
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dial-backup restore-delay <va/ue> 


Use the dial-backup restore-delay command to configure the amount of time the router will wait after the 
network is restored before disconnecting the backup link and reverting to the primary. This setting is used 
to prevent disconnecting the backup link if the primary link is “bouncing” in and out of alarm. Use the no 
form of this command to return to the default setting. For more detailed information on dial-backup 
functionality, refer to the Functional Notes and Technology Review sections of the command dial-backup 
call-mode on page 1762. 


Syntax Description 





<value> Specifies the number of seconds AOS will wait (after a primary link is 
restored) before disconnecting dial-backup operation. Range is 10 to 86400 
seconds. 


Default Values 





By default, dial-backup restore-delay is set to 10 seconds. 


Command History 


Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to wait 30 seconds before disconnecting dial-backup operation and 
restoring the primary connection for this endpoint: 


(config)#interface ppp 1 
(config-ppp 1)#dial-backup restore-delay 30 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1773 


Command Reference Guide PPP Interface Configuration Command Set 





dial-backup schedule 


Use the dial-backup schedule command to set the time of day that backup will be enabled. Use this 
command if backup is desired only during normal business hours and on specific days of the week. Use the 
no form of this command to disable dial-backup (as specified). For more detailed information on 
dial-backup functionality, refer to the Functional Notes and Technology Review sections of the command 
dial-backup call-mode on page 1762. Variations of this command include: 


dial-backup schedule day <name> 
dial-backup schedule disable-time <va/ue> 
dial-backup schedule enable-time <va/ue> 


Syntax Description 


day <name> Sets the days to allow backup. Valid range is Monday through Sunday. 

disable-time <va/ue> Sets the time of day to disable backup. Time is entered in 24-hour 
format (00:00). 

enable-time <value> Sets the time of day to enable backup. Time is entered in 24-hour 
format (00:00). 


Default Values 





By default, dial-backup is enabled for all days and times if the dial-backup auto-backup command has 
been issued and the dial-backup schedule has not been entered. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example enables dial-backup Monday through Friday 8:00 am to 7:00 pm: 


(config)#interface ppp 1 

(config-ppp 1)#dial-backup schedule enable-time 08:00 
(config-ppp 1)#dial-backup schedule disable-time 19:00 
(config-ppp 1)#no dial-backup schedule day Saturday 
(config-ppp 1)#no dial-backup schedule day Sunday 
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dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the host name for the server that updates the Dynamic Domain 
Name Server (DNS). 
<minutes> Specifies the intervals in minutes to update the server with information 


(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case-sensitive). 


<password> Specifies a password using an alphanumerical string up to 30 characters in 
length (the password is case-sensitive). 


Refer to Functional Notes below for additional argument descriptions. 


Default Values 


No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNSSM service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
to manage IP address mappings (A records), domain aliases (CNAME records) and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services Inc., (DynDNS.org) allows you to 
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more 
easily accessed from various locations on the Internet. This service is provided for up to five host names. 
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dyndns-custom - DynDNS.org's Custom DNSS™ service provides a full DNS solution, giving you 
complete control over an entire domain name. A web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 


A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for the most common configuration and allows for easy creation of most common record 
types. The advanced interface is designed for system administrators with a solid DNS background, and 
provides layout and functionality similar to a BIND zone file allowing for the creation of nearly any record 


type. 


Custom DNSS™ can be used with both static and dynamic IPs and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSS service in that it 
allows a host name such as yourname.dyndns.org to point to your IP address. Unlike a Dynamic DNS 
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to 
propagate though the DNS system. This service is provided for up to five host names. 


If your IP address does not change often or at all but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
which also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the dynamic-dns to dyndns-custom with host name host, user name user, 
and password pass: 


(config)#interface ppp 1 
(config-ppp 1)#dynamic-dns dyndns-custom host user pass 
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fair-queue 


Use the fair-queue command to enable weighted fair queuing (WFQ) on an interface. Use the no form of 
this command to disable WFQ and enable FIFO queueing for an interface. WFQ is enabled by default for 
WAN interfaces. Variations of this command include: 


fair-queue 
fair-queue <threshold> 


Syntax Description 





<threshold> Optional. Specifies the maximum number of packets that can be present in 
each conversation sub-queue. Packets received for a conversation after 
this limit is reached are discarded. Range is 16 to 512 packets. 


Default Values 





By default, fair-queue is enabled with a threshold of 64 packets. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example enables WFQ on the interface with a threshold set at 100 packets: 


(config)#interface ppp 1 
(config-ppp 1)#fair-queue 100 
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hold-queue <va/ue> out 


Use the hold-queue out command to change the overall size of an interface's WAN output queue. Use the 
no form of this command to return to the default settings. 


Syntax Description 


<value> Specifies the total number of packets the output queue can contain before 
packets are dropped. Range is 16 to 1000 packets. 


Default Values 





The default queue size for WFQ is 400. The default queue size for PPP FIFO and Frame Relay 
round-robin is 200. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the overall output queue size to 700: 


(config)#interface ppp 1 
(config-ppp 1)#hold-queue 700 out 
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ip access-group <name> 


Use the ip access-group command to create an access control list to be used for packets transmitted on or 
received from the specified interface. Use the no form of this command to disable this type of control. 
Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Indicates the assigned IP access control list name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 


The following example sets up the router to only allow Telnet traffic into the PPP interface: 


config)#ip access-list extended TelnetOnly 
config-ext-nacl)#permit tcp any any eq telnet 
config-ext-nacl)#interface ppp 1 

config-ppp 1)#ip access-group TelnetOnly in 


aon Ne 
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ip address dhcp 


Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an 
address on the interface. Use the no form of this command to remove a configured IP address (using 
DHCP) and disable DHCP operation on the interface. Variations of this command include: 


ip address dhcp 

ip address dhcp <administrative distance> 

ip address dhcp track <name> 

ip address dhcp track <name> <administrative distance> 


Syntax Description 





<administrative distance> Optional. Specifies the administrative distance to use when adding the 
DHCP gateway into the route table. It is used to determine the best route 
when multiple routes to the same destination exist. The smaller the 
administrative distance the more reliable the route. Range is 1 to 255. 

track <name> Optional. Attaches a network monitoring track to the DHCP client. The 
DHCP gateway route for this client will only reside in the route table while 
the track is in the pass state. For more information on configuring track 
objects, refer to track <name> on page 947. 


Default Values 





By default, the administrative distance value is 1. 


Command History 





Release 2.1 Command was introduced. 
Release 8.1 Command expanded to include PPP interface. 
Release 13.1 Command was expanded to include track and administrative distance. 


Usage Examples 





The following example enables DHCP operation on the PPP interface 1: 


(config)#interface ppp 1 
(config-ppp 1)#ip address dhcp 


The following example enables DHCP operation on the PPP interface 1 and sets the administrative 
distance as 5: 


(config)#interface ppp 1 
(config-ppp 1)#ip address dhcp 5 
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ip address negotiated 


Use the ip address negotiated command to allow the interface to negotiate (i.e., be assigned) an IP 
address from the far end PPP connection. Use the no form of this command to disable the negotiation for 
an IP address. Variations of this command include: 


ip address negotiated 

ip address negotiated <administrative distance> 

ip address negotiated <ip address> 

ip address negotiated </p address> no-default 

ip address negotiated track <name> 

ip address negotiated track <name> <administrative distance> 


Syntax Description 





<administrative distance> Optional. Specifies the administrative distance to use when adding the PPP 
route to the route table. It is used to determine the best route when multiple 
routes to the same destination exist. The smaller the administrative 
distance the more reliable the route. Range is 1 to 255. 


<ijp address> Optional. Specifies a valid IP address. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 


no-default Optional. Prevents the insertion of a default route. Some systems already 
have a default route configured and need a static route to the PPP interface 
to function correctly. 


track <name> Optional. Attaches a network monitoring track to the PPP interface. The 
negotiated default route for this client will only reside in the route table while 
the track is in the pass state. For more information on configuring track 
objects, refer to track <name> on page 947. 


Default Values 





By default, the interface is not assigned an address. 
Also by default, the administrative distance value is 1. 


Command History 





Release 5.1 Command was introduced. 
Release 13.1 Command was expanded to include track and administrative distance. 
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Usage Examples 





The following example enables the PPP interface to negotiate an IP address from the far end connection: 
(config)#interface ppp 1 

(config-ppp 1)#ip address negotiated 

The following example enables the PPP interface to negotiate an IP address from the far end connection 


without inserting a default route: 


(config)#interface ppp 1 
(config-ppp 1)#ip address negotiated no-default 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the optional keyword 
secondary to define a secondary IP address. Use the no form of this command to remove a configured IP 
address. Variations of this command include: 


ip address <i/p address> <subnet mask> 
ip address <ip address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 


By default, there are no assigned IP addresses. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use secondary IP addresses to allow dual subnets on a single interface (when you need more IP 
addresses than the primary subnet can provide). When using secondary IP addresses, avoid routing loops 
by verifying that all devices on the network segment are configured with secondary IP addresses on the 
secondary subnet. 


Usage Examples 


The following example configures a secondary IP address of 192.22.72.101/30: 


(config)#interface ppp 1 
(config-ppp 1)#ip address 192.22.72.101 255.255.255.252 secondary 
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ip directed-broadcast 


Use the ip directed broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this command. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list name. 


default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an access control list 
with this command. In this case, only directed broadcasts that are permitted by the specified access 
control list will be forwarded, and all other directed broadcasts directed to this interface subnet will be 
dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC2644), with the intended goal of reducing the efficacy of certain types of 
denial-of-service attacks 
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Usage Examples 





The following example enables forwarding of directed broadcasts on the interface ppp 1: 


(config)#interface ppp 1 
(config-ppp 1)#ip directed-broadcast 
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ip ffe 


Use the ip ffe command to enable the RapidRoute Engine (formerly FFE) on this interface with the default 
number of entries. Use the no form of these commands to disable the FFE. Variations of this command 
include: 


ip ffe max-entries <entries> 





‘ore Issuing this command will cause all FFE entries on this interface to be cleared. 





Syntax Description 





max-entries <entries> Specifies the maximum number of entries stored in the flow table. Valid 
range is from 1 to 8192. 


Default Values 





By default, the FFE is disabled. The default number of max-entries is 4096. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





The FFE can be used to help reduce routing overhead and thus reduce overall routing times. Routing 
times are reduced by the creation of a flow table on the ingress interface. The maximum number of entries 
that can be stored in the flow table at any one time may be specified by using the max-entries 
subcommand. When features such as firewall, VPN, and static filters are enabled, routing time reduction 
may not be realized. 


Usage Examples 





The following example enables the FFE and sets the maximum number of entries in the flow table to 50: 


(config)#interface ppp 1 
(config-ppp 1)#ip ffe max-entries 50 
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Technology Review 





The RapidRoute system goal is to increase IP packet throughput by moving as much of the packet 
processing into the engine as possible. Packets are classified into flows based upon the IP protocol (TCP, 
UDP, ICMP, etc.), the source and destination IP addresses, IP TOS, and the protocol-specific information 
such as the source and destination port numbers. Flows are defined as the unidirectional representation of 
a conversation between two IP hosts. Each ingress interface keeps its own flow table, a collection of flow 
entries. 


The first packet in a flow that is forwarded through the unit will build a flow entry. When a flow entry is 
looked up but no entry is found, a RapidRouteBuilder object is allocated and attached to the packet. As the 
packet passes through the various processing layers, each subsystem will add processing to the 
RapidRouteBuilder. When packet is about to be forwarded out of the egress interface, the 
RapidRouteBuilder will be finalized. That is, the flow entry being built will be checked for completeness and 
committed to the flow table on the ingress interface. Subsequent flow matches can then bypass the normal 
processing layers. 
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ip flow 


Use the ip flow command to enable Integrated Traffic Monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of the command to disable traffic monitoring. Variations of this 
command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Defaults 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Example 





The following example enables traffic monitoring on a PPP interface to monitor incoming traffic through an 
ACL called myacl: 


(config)#interface ppp 1 
(config-ppp 1)#ip flow ingress myacl 
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ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





The ip helper command must be used in conjunction with the ip forward-protocol 
‘one command to configure AOS to forward UDP broadcast packets. Refer to ip 
forward-protocol udp <value> on page 724 for more information. 





Syntax Description 





<ijp address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign a helper address(es) (specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 

1. The packet IP protocol is User Datagram Protocol (UDP). 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 

4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248/30 subnet). 


Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


(config)#ip forward-protocol udp domain 
(config)#interface ppp 1 
(config-ppp 1)#ip helper-address 192.33.5.99 
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ip igmp 
Use the ip igmp command to configure multicasting-related functions for the interface. Variations of this 
command include: 


ip igmp immediate-leave 

ip igmp last-member-query-interval <milliseconds> 
ip igmp querier-timeout <seconds> 

ip igmp query-interval <seconds> 

ip igmp query-max-response-time <seconds> 

ip igmp static-group <address> 

ip igmp version [1 | 2] 


Syntax Description 


immediate-leave Specifies that if only one host (or IGMP snooping switch) is connected to 
the interface, when a leave is received, multicast of that group is 
immediately terminated as opposed to sending a group query and timing 
out the group if no device responds. Works in conjunction with ip igmp 
last-member-query-interval. Applies to all groups when configured. 
Use the no form of this command to disable the immediate-leave 
feature. 


last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group 

<milliseconds> receivers remain on an interface after a receiver leaves a group. If a 
receiver sends a leave-group message (IGMP Version 2), the router 
sends a group-specific query on that interface. After twice the time 
specified by this command plus as much as one second longer, if no 
receiver responds, the router removes that interface from the group and 
stops sending that group's multicast packets to the interface. Range is 
100 to 65,535 ms. Use the no form of this command to return to the 
default setting. 


querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current 
querier’s last query before it takes over as querier (IGMP V2). Range is 
60 to 300 seconds. Use the no form of this command to return to the 
default setting. 


query-interval Specifies the interval (in seconds) at which IGMP queries are sent on an 

<seconds> interface. Host query messages are addressed to the all-hosts multicast 
group with an IP TTL of 1. The router uses queries to detect whether 
multicast group members are on the interface and to select an IGMP 
designated router for the attached segment (if more than one multicast 
router exists). Only the designated router for the segment sends queries. 
For IGMP V2, the designated router is the router with the lowest IP 
address on the segment. Range is 0 to 65,535 seconds. Use the no 
form of this command to return to the default setting. 


query-max-response-time Specifies the maximum response time (in seconds) advertised by this 

<seconds> interface in queries when using IGMP V2. Hosts are allowed a random 
time within this period to respond, reducing response bursts. Use the no 
form of this command to return to the default setting. 
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Syntax Description 





static-group <address> Configures the router's interface to be a statically-connected member of 
the specified group. Packets received on the correct RPF interface are 
forwarded to this interface regardless of whether any receivers have 
joined the specified group using IGMP. Use the no form of this command 
to remove a configured static group. 


version [1 | 2] Sets the interface’s IGMP version. Use the no form of this command to 
return to the default setting. 


Default Values 





ip igmp immediate-leave No default 

ip igmp last-member-query-interval 1000 milliseconds 

ip igmp querier-timeout 2x the query-interval value 
ip igmp query-interval 60 seconds 

ip igmp query-max-response-time 10 seconds 

ip igmp static-group No default 

ip igmp version Version 1 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example sets the query message interval on the interface to 200 milliseconds: 


(config)#interface ppp 1 
(config-ppp 1)#ip igmp last-member-query-interval 200 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1791 


Command Reference Guide PPP Interface Configuration Command Set 





ip mcast-stub downstream 


Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on 
an interface and place it in multicast stub downstream mode. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments 
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces 
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces 
configured as downstream should have the lowest IP address of all IGMP-capable routers on the 
connected segment in order to be selected as the designated router and ensure proper forwarding. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub upstream on page 1795 for 
more information. 


Usage Examples 





The following example enables multicast forwarding and IGMP on the interface: 


(config)#interface ppp 1 
(config-ppp 1)#ip mcast-stub downstream 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1792 


Command Reference Guide PPP Interface Configuration Command Set 





ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the ip igmp static-group <address> command (on page 1790) to receive multicast traffic without 
host-initiated Internet Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all 
host-initiated IGMP transactions will enter multicast routes on the router’s interface involved with IGMP 
activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#interface ppp 1 
(config-ppp 1)#ip mcast-stub fixed 
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ip mcast-stub helper-enable 


Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the IGMP 
proxy. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 8.1 Command was introduced. 
Release 10.1 Command was expanded to include PPP interfaces. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled, 
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and 
the interface becomes the active upstream interface, enabling the unit to perform as an IGMP proxy. Refer 
to jp mcast-stub helper-address <ip address> on page 741, ip mcast-stub downstream on page 1792, and 
jp mcast-stub upstream on page 1795 for more information. 


Usage Examples 





The following example sets the helper address as the IGMP proxy: 


(config)#interface ppp 1 
(config-ppp 1)#ip mcast-stub helper-enable 
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ip mcast-stub upstream 


Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in 
multicast stub upstream mode. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a 
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the 
router's unicast route table, the IGMP host function is dynamically enabled and the interface becomes the 
active upstream interface, enabling the router to perform as an IGMP proxy. Though multiple interfaces 
may be candidates, no more than one interface will actively serve as the helper forwarding interface. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub downstream on page 1792 
for more information. 


Usage Examples 





The following example enables multicast forwarding on the interface: 


(config)#interface ppp 1 
(config-ppp 1)#ip mcast-stub upstream 
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ip ospf 


Use the ip ospf command to customize OSPF settings (if needed). Use the no form of these commands to 
return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


dead-interval <seconds> 
hello-interval <seconds> 
retransmit-interval <seconds> 
transmit-delay <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 


Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 
1 to 65,535. 


Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 32,767 
seconds. 


Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 32,767 seconds. 


Configures OSPF Message Digest 5 (MD5) authentication 
(16-byte max) keys. 
Sets the OSPF priority. The value set in this field helps 


determine the designated router for this network. Range is 
0 to 255. 


Specifies the interval (in seconds) between link-state 
advertisements (LSAs). Range is 0 to 32,767 seconds. 


Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 32,767 seconds. 


40 seconds 

10 seconds: Ethernet, point-to-point, Frame Relay, and PPP 
5 seconds 

1 second 
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Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of seconds allowed between hello packets to 25000: 


(config)#interface ppp 1 
(config-ppp 1)#ip ospf dead-interval 25000 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing OSPF 
authentication. Use the no form of this command to return to the default setting. Variations of this 


command include: 


ip ospf authentication 
ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Selects message-digest authentication type. 
null Optional. Specifies that no authentication be used. 


Default Values 





By default, ip ospf authentication is set to null (meaning no authentication is used). 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example specifies that no authentication will be used on the PPP interface: 


(config)#interface ppp 1 
(config-ppp 1)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Sets the network type for broadcast. 
point-to-point Sets the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point. 


Command History 


Release 3.1 Command was introduced. 


Functional Notes 





A point-to-point network will not elect designated routers. 


Usage Examples 


The following example designates a broadcast network type: 


(config)#interface ppp 1 
(config-ppp 1)#ip ospf network broadcast 
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ip pim sparse-mode 


Use the ip pim sparse-mode command to enable protocol-independent multicast (PIM) sparse mode for 
this interface. Use the no form of this command to disable PIM sparse mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, PIM sparse mode for this interface is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table. It builds 
unidirectional shared trees rooted at a Rendezvous Point (RP) for a multicast group or a shortest-path tree 
rooted at a specific source for a multicast group. 


Usage Examples 





The following example enables PIM sparse mode on the interface: 


(config)#interface ppp 1 
(config-ppp 1)#ip pim sparse-mode 
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ip pim-sparse dr-priority <va/ue> 
Use the ip pim-sparse dr-priority command to specify the priority for the designated router (DR). This 


command modifies the routers priority in the DR election process. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Specifies the priority of this interface (to be used when determining the DR). 
Valid range is 1 to 4294967295. 


Default Values 





By default, the priority of all PIM interfaces is 1. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Interfaces advertise their configured priority values in the hello messages transmitted on the interface. 
Routers use the priority values to determine the appropriate DR. The router on the network segment with 
the highest priority is selected as the DR. If a hello message is received on the interface from a router on 
the network segment and it does not contain a priority, the entire network segment defaults to DR selection 
based on IP addresses instead of priority. In this instance, the DR is selected as the router on the network 
segment that has the highest IP address. AOS will always include a priority in all transmitted hello 
messages. If no priority is specifically designated by the user, the priority is set as the default of 1. 


Usage Examples 





The following example specifies a priority of 100 on the PPP 1 interface: 


(config)#interface ppp 1 
(config-ppp 1)#ip pim-sparse dr-priority 100 
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ip pim-sparse hello-timer <va/ue> 
Use the ip pim-sparse hello-timer command to specify protocol-independent multicast (PIM) sparse hello 


timer period. This is the time interval at which periodic hellos are sent out on all interfaces of a 
PIM-capable router. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the interval (in seconds) at which periodic hellos are sent out of 
the interface. Valid range is 10 to 3600 seconds. 


Default Values 





By default, the hellos are transmitted on PIM interfaces every 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Hello messages are used to inform neighbors of a router’s presence. Hello messages normally generate a 
small amount of traffic on an interface. Setting the hello-timer to a small interval increases the number of 
hellos sent (thus increasing the amount of traffic). Set the hello-timer to a reasonable value, taking into 
consideration the bandwidth available on the interface. 


Usage Examples 





The following example specifies hellos be sent on the PPP 1 interface every 3600 seconds: 


(config)#interface ppp 1 
(config-ppp 1)#ip pim-sparse hello-timer 3600 
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ip pim-sparse nbr-timeout <va/ue> 
Use the ip pim-sparse nbr-timeout command to specify protocol-independent multicast (PIM) sparse 


neighbor timeout. This is the time interval after which a PIM-capable router will consider a neighbor not 
present. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the time interval in seconds after which a neighbor is considered 
not present. Valid range is 30 to 10800 seconds. 


Default Values 





By default, the nbr-timeout is set to 105 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the nbr-timeout to 300 seconds: 


(config)#interface ppp 1 
(config-ppp 1)#ip pim-sparse nbr-timeout 300 
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ip pim-sparse override-interval <va/ue> 
Use the ip pim-sparse override-interval command to specify the protocol-independent multicast (PIM) 


sparse join/prune override interval. This delay interval is the period after a join/prune that another router on 
the LAN may override a join/prune. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the delay time in milliseconds. Valid range is 0 to 
65535 milliseconds. 


Default Values 





By default, the override-interval is set to 2500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the override-interval to 3000 milliseconds: 


(config)#interface ppp 1 
(config-ppp 1)#ip pim-sparse override-interval 3000 
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ip pim-sparse propagation-delay <va/ue> 
Use the ip pim-sparse propagation-delay command to specify the expected propagation delay for 


join/prune messages. Set the propagation delay (in milliseconds) to estimate the amount of delay found in 
the local link. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the expected propagation delay in the local link in milliseconds. 
Valid range is 0 to 32767 milliseconds. 


Default Values 





By default, the propagation delay is set to 500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the propagation delay to 300 milliseconds: 


(config)#interface ppp 1 
(config-ppp 1)#ip pim-sparse propagation-delay 300 
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ip policy route-map <name> 


Use the ip policy route-map command to assign a policy route-map to this interface. Use the no form of 
this command to remove the route-map policy. 


Syntax Description 


<name> Specifies the name of the policy route map to assign to this interface. 


Default Values 





By default, no policy route map is assigned to this interface. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example assigns the policy route map policy1 to the interface: 


(config)#interface ppp 1 
(config-ppp 1)#ip policy route-map policy1 
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ip proxy-arp 


Use the ip proxy-arp to enable proxy Address Resolution Protocol (ARP) on the interface. Use the no 
form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field 
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy ARP is enabled, AOS will respond to all proxy ARP requests with its specified MAC address and 
forward packets accordingly. 


Enabling proxy ARP on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following enables proxy ARP on the virtual PPP interface: 


(config)#interface ppp 1 
(config-ppp 1)#ip proxy-arp 
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Set 





ip rip receive version 


Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets 
received on the interface. Use the no form of this command to restore the default value. Variations of this 


command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Accepts only received RIP version 1 packets on the interface. 
2 Accepts only received RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use the ip rip receive version to specify a RIP version that overrides the version (in the Router RIP) 
configuration. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the virtual PPP interface to accept only RIP version 2 packets: 


(config)#interface ppp 1 
(config-ppp 1)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets 


transmitted on the interface. Use the no form of this command to restore the default value. Variations of 


this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Transmits only RIP version 1 packets on the interface. 
2 Transmits only RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use the ip rip send version to specify a RIP version that overrides the version (in the Router RIP) 
configuration. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the virtual PPP interface to transmit only RIP version 2 packets: 


(config)#interface ppp 1 
(config-ppp 1)#ip rip send version 2 
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ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface ppp 1 
(config-ppp 1)#ip rip summary-address 10.10.123.0 255.255.255.0 
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ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


Wo Using Network Address Translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP route 
cache is enabled for all virtual PPP interfaces. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 


Fast-cache switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast-cache switching on the virtual PPP interface: 


(config)#interface ppp 1 
(config-ppp 1)#ip route-cache 
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ip unnumbered </nterface> 
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP 


processing on the active interface. Use the no form of this command to remove the unnumbered 
configuration. 


Syntax Description 





<interface> Specifies the interface that contains the IP address to use as the source 

address for all packets transmitted on this interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
aT1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip unnumbered ? 
for a list of valid interfaces. 


Default Values 





By default, all interfaces are configured to use a specified IP address (using the ip address commana). 


Command History 





Release 1.1 Command was introduced. 
Release 11.1 Command was expanded to include demand interfaces. 


Functional Notes 





If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address 
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the PPP 
Interface Configuration mode configures the PPP interface to use the IP address assigned to the Ethernet 
interface for all IP processing. In addition, AOS uses the specified interface information when sending 
route updates over the unnumbered interface. Static routes may either use the interface name (ppp 1) or 
the far-end address (if it will be discovered). 


Usage Examples 





The following example configures the PPP interface (labeled ppp 1) to use the IP address assigned to the 
Ethernet interface (eth 0/1): 


(config)#interface ppp 1 
(config-ppp 1)#ip unnumbered eth 0/1 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a URL filter to the interface for all inbound or outbound traffic. Use 
the no form of this command to remove the URL filter from an interface. Variations of this command 
include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <name> http command before applying it to the interface. Refer 
to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Example 





The following example performs URL filtering on all traffic entering through the PPP interface (labeled 
ppp 1) and matches the URL filter named MyFilter: 


(config)#interface ppp 1 
(config-ppp 1)#ip urlfilter MyFilter in 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VRF instance. Use the no form of 
the command to remove the interface from the named VRF instance and assign it to the unnamed default 
VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP related 
UT settings on that interface. 


Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF which is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF but multiple interfaces can be assigned to the same VRF. 


An interface will only forward |P-traffic that matches its associated VRF. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. 


Usage Examples 


The following example assigns the ppp 1 interface to the VRF instance named RED: 


(config)#interface ppp 1 
(config-ppp 1)#ip vrf forwarding RED 
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keepalive <value> 
Use the keepalive command to enable the transmission of keepalive packets on the interface and specify 


the time interval in seconds between transmitted packets. Use the no form of this command to return to the 
default setting. 


Syntax Description 





<value> Defines the time interval (in seconds) between transmitted keepalive 
packets. Valid range is 0 to 32767 seconds. 


Default Values 





By default, the time interval between transmitted keepalive packets is 10 seconds. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





If three keepalive packets are sent to an interface with no response, the interface is considered down. To 
detect interface failures quickly, specify a smaller keepalive time. 


Usage Examples 





The following example specifies a keepalive time of 5 seconds on the virtual PPP interface: 


(config)#interface ppp 1 
(config-ppp 1)#keepalive 5 
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lldp receive 


Use the Ildp receive command to allow Link-Layer Discovery Protocol (LLDP) packets to be received on 
this interface. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces are configured to send and receive LLDP packets. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example configures the PPP interface to receive LLDP packets: 


(config)#interface ppp 1 
(config-ppp 1)#Ildp receive 
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lldp send 


Use the Ildp send command to configure this interface to transmit Link-Layer Discovery Protocol (LLDP) 
packets or to control the types of information contained in the LLDP packets transmitted by this interface. 
Use the no form of these commands to disable these features. Variations of this command include: 


lidp send management-address 
lldp send port-description 

lldp send system-capabilities 
lldp send system-description 
lldp send system-name 

lldp send-and-receive 


Syntax Description 





management-address Enables transmission of management address information on this interface. 
port-description Enables transmission of port description information on this interface. 
system-capabilities Enables transmission of this device’s system capabilities on this interface. 
system-description Enables transmission of this device’s system description on this interface. 
system-name Enables transmission of this device’s system name on this interface. 
and-receive Configures this interface to both transmit and receive LLDP packets. 


Default Values 





By default, all interfaces are configured to transmit and receive LLDP packets of all types. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Individual LLDP information can be enabled or disabled using the various forms of the Ildp send 
command. For example, use the Ildp send and-receive command to enable transmit and receive of all 
LLDP information. Then use the no Ildp send port-description command to prevent LLDP from 
transmitting port description information. 
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Usage Examples 





The following example configures the PPP interface to transmit LLDP packets containing all enabled 
information types: 


(config)#interface ppp 1 
(config-ppp 1)#Ildp send 
The following example configures the PPP interface to transmit and receive LLDP packets containing all 


information types: 


(config)#interface ppp 1 
(config-ppp 1)#Ildp send and-receive 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1818 


Command Reference Guide PPP Interface Configuration Command Set 





max-reserved-bandwidth <va/ue> 


Use the max-reserved-bandwidth command to specify the percentage of interface bandwidth reserved for 
use in user-defined (priority or class-based) queues. The remainder of the interface bandwidth is reserved 
for system critical traffic and is not available to user-defined queues. Use the no form of this command to 
restore the default values. 





proper operation. Specifying the entire interface bandwidth for use in user-defined queues 
can cause undesirable operation. 


Reserving a portion of the interface bandwidth for system critical traffic is necessary for 
cmon 





Syntax Description 





<value> Specifies the maximum percentage of bandwidth to reserve for QoS. This 
setting is configured as a percentage of the total interface speed. Range: 1 
to 100 percent. 


Default Values 





By default, max-reserved-bandwidth is set to 75 percent, which reserves 25 percent of the interface 
bandwidth for system critical traffic. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies 85 percent of the bandwidth on the PPP 1 be available for use in 
user-defined queues: 


(config)#interface ppp 1 
(config-ppp 1)#max-reserved-bandwidth 85 
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media-gateway ip 


Use the media-gateway ip command to associate an IP address source to use for RTP traffic. When 
configuring VoIP, RTP traffic needs an IP address to be associated with it. However, some interfaces allow 
“dynamic” configuration of IP addresses, and thus, this value could change periodically. Use the no form 
of these commands to disable these functions. Variations of this command include: 


media-gateway ip loopback <ip address> 
media-gateway ip primary 
media-gateway ip secondary <ip address> 


Syntax Description 





loopback <ip address> Use an IP address statically defined to a loopback interface. Helpful when 
using a single IP address across multiple WAN interfaces for RTP traffic. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


primary Use the IP address that is configured as primary on this interface. Applies to 
static, DHCP, or negotiated addresses. 


secondary <ip address> Use the statically defined secondary IP address of this interface to be used 
for RTP traffic. IP addresses should be expressed in dotted decimal 
notation (for example, 10.10.10.1). 


Default Values 





By default, media-gateway ip is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example configures the unit to use the primary IP address for RTP traffic: 


(config)#interface ppp 1 
(config-ppp 1)#media-gateway ip primary 
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mtu <size> 


Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use 
the no form of this command to return to the default value. 


Syntax Description 


<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 


OSPF will not become adjacent on links where the MTU sizes do not match. If router A and router B are 
exchanging hello packets but their MTU sizes do not match, they will never reach adjacency. This is by 
design and required by the RFC. 


Usage Examples 





The following example specifies an MTU of 1200 on the virtual PPP interface: 


(config)#interface ppp 1 
(config-ppp 1)#mtu 1200 
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peer default ip address </p address> 


Use the peer default ip address command to specify the default IP address of the remote end of this 
interface. Use the no form of this command to remove an assigned IP address. 


Syntax Description 


<ijpp address> Specifies the default IP address for the remote end. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





By default, there is no assigned peer default IP address. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





This command is useful if the peer does not send the IP address option during PPP negotiations. 


Usage Examples 





The following example sets the default peer IP address to 192.22.71.50: 


(config)#interface ppp 1 
(config-ppp 1)#peer default ip address 192.22.71.50 
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ppp authentication 


Use the ppp authentication command to specify the authentication protocol on the PPP virtual interface 
that the peer should use to authenticate itself. Use the no form of this command to disable this feature. 
Variations of this command include: 


ppp authentication chap 
ppp authentication pap 


Syntax Description 





chap Configures CHAP authentication on the interface. 
pap Configures PAP authentication on the interface. 


Default Values 





By default, PPP endpoints have no authentication configured. 


Command History 





Release 1.1 Command was introduced. 


Technology Review 





CHAP and PAP are two authentication methods that enjoy widespread support. Both methods are included 
in AOS and are easily configured. 


The authentication method set up on the local router can be different from that on the peer. 
‘ore Also, just because one router requires authentication from its peer does not mean it also 


has to authenticate itself to the peer. 





Defining PAP 


The Password Authentication Protocol (PAP) is used to verify that the PPP peer is a permitted device by 
checking a user name and password configured on the peer. The user name and password are both sent 
unencrypted across the connecting private circuit. 


PAP requires two-way message passing. First, the router that is required to be authenticated (say the peer) 
sends an authentication request with its user name and password to the router requiring authentication 
(say the local router). The local router then looks up the user name and password in the user name 
database within the PPP interface, and if they match sends an authentication acknowledge back to the 
peer. 





The PPP user name and password database is separate and distinct from the global user 


‘one name password database. For PAP and CHAP, use the database under the PPP interface 
configuration. 
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Several example scenarios are given below for clarity. 
Configuring PAP Example 1: Only the local router requires the peer to authenticate itself. 
On the local router (host name Local): 


Local(config-ppp 1)#ppp authentication pap 
Local(config-ppp 1)#username farend password far 


On the peer (host name Peer): 


Peer(config-ppp 1)#ppp pap sent-username farend password far 


The first line of the configuration sets the authentication mode as PAP. This means the peer is required to 
authenticate itself to the local router via PAP. The second line is the user name and password expected to 
be sent from the peer. On the peer, the ppp pap sent-username command is used to specify the 
appropriate matching user name and password. 


Configuring PAP Example 2: Both routers require the peer to authenticate itself. 
On the local router (host name Local): 


Local(config-ppp 1)#ppp authentication pap 
Local(config-ppp 1)#username farend password far 
Local(config-ppp 1)#ppp pap sent-username nearend password near 


On the peer (host name Peer): 


Peer(config-ppp 1)#ppp authentication pap 
Peer(config-ppp 1)#username nearend password near 
Peer(config-ppp 1)#ppp pap sent-username farend password far 


Now both routers send the authentication request, verify that the user name and password sent match 
what is expected in the database, and send an authentication acknowledge. 


Defining CHAP 


The Challenge-Handshake Authentication Protocol (CHAP) is a three-way authentication protocol 
composed of a challenge response and success or failure. The MD5 protocol is used to protect user 
names and passwords in the response. 


First, the local router (requiring its peer to be authenticated) sends a “challenge” containing the 
unencrypted user name of the peer and a random number. The user name of the peer is found in the user 
name database within the PPP interface of the local router. The peer then looks up the user name in the 
user name database within the PPP interface, and if found takes the corresponding password and its own 
host name and sends a “response” back to the local router. This data is encrypted. The local router verifies 
that the user name and password are in its own user name database within the PPP interface, and if so 
sends a “success” back to the peer. 
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The PPP user name and password database is separate and distinct from the global user 
‘one name password database. For PAP and CHAP, use the database under the PPP interface 
configuration. 





Several example scenarios are given below for clarity. 

Configuring CHAP Example 1: Only the local router requires the peer to authenticate itself. 

On the local router (host name Local): 

Local(config-ppp 1)#ppp authentication chap 

Local(config-ppp 1)#username Peer password same 

On the peer (host name Peer): 

Peer(config-ppp 1)#ppp chap password same 

The first line of this configuration sets the authentication mode to CHAP. This means the peer is required to 
authenticate itself to the local router via CHAP. The second line is the user name and password expected 


to be sent from the peer. The peer uses its hostname and ppp chap password commands to send the 
proper authentication information. 


‘ore Both ends must have identical passwords. 





Configuring CHAP Example 2: Using the ppp chap hostname command as an alternate solution. 
On the local router (host name Local): 

Local(config-ppp 1)#ppp authentication chap 

Local(config-ppp 1)#username farend password same 

On the peer (host name Peer): 

Peer(config-ppp 1)#ppp chap hostname farend 

Peer(config-ppp 1)#ppp chap password same 


Notice the local router is expecting user name farend even though the peer router's host name is Peer. 
Therefore the peer router can use the ppp chap hostname command to send the correct name in the 
challenge. 





‘aoe Both ends must have identical passwords. 








60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1825 


Command Reference Guide PPP Interface Configuration Command Set 





Configuring CHAP Example 3: Both routers require each other to authenticate themselves using 
the same shared password. 


On the local router (host name Local): 
Local(config-ppp 1)#ppp authentication chap 
Local(config-ppp 1)#username Peer password same 
On the peer (host name Peer): 

Peer(config-ppp 1)#ppp authentication chap 


Peer(config-ppp 1)#username Local password same 


This is basically identical to Example 1 except that both routers will now challenge each other and 
respond. 





‘ore Both ends must have identical passwords. 





Configuring CHAP Example 4: Both routers require each other to authenticate themselves using 
two separate shared passwords. 


On the local router (host name Local): 


Local(config-ppp 1)#ppp authentication chap 
Local(config-ppp 1)#username Peer password far 
Local(config-ppp 1)#ppp chap password near 


On the peer (host name Peer): 


Peer(config-ppp 1)#ppp authentication chap 
Peer(config-ppp 1)#username Local password near 
Peer(config-ppp 1)#ppp chap password far 


This is basically identical to Example 3, except that there are two separate shared passwords. 





‘one Notice this example has both ends using different sets of passwords. 





Configuring CHAP Example 5: Using the ppp chap hostname command as an alternate solution. 
On the local router (host name Local): 


Local 
Local 
Local 
Local 


#ppp authentication chap 
#username farend password far 
#ppp chap hostname nearend 
#ppp chap password near 


config-ppp 1 
config-ppp 1 
config-ppp 1 
config-ppp 1 


aT mm 
YS #w YH WH 
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On the peer (host name Peer): 


#ppp authentication chap 
#username nearend password near 
#ppp chap hostname farend 

#ppp chap password far 


Peer(config-ppp 1 
Peer(config-ppp 1 
Peer(config-ppp 1 
Peer(config-ppp 1 


YS aS YH WH 


Notice the local router is expecting user name farend even though the peer router's host name is Peer. 
Therefore the peer router can use the ppp chap hostname command to send the correct name on the 
challenge. 





‘ore Notice this example has both ends using different sets of passwords. 
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ppp bcp tagged-frame 


Use the ppp bep tagged-frame command to allow negotiation of IEEE 802.1Q-tagged packets over 
Bridging Control Protocol (BCP). Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example configures PPP interface 1 to negotiate tagged frames over BCP: 


(config)#interface ppp 1 
(config-ppp 1)#ppp bcp tagged-frame 
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ppp chap hostname <name> 


Use the ppp chap hostname command to configure an alternate host name for CHAP PPP authentication. 
Use the no form of this command to remove a configured host name. For more information on PAP and 
CHAP functionality, refer to the Technology Review section for the command ppp authentication on page 
1823. 


Syntax Description 





<name> Specifies a host name using an alphanumeric string up to 80 characters in 
length. 


Default Values 





By default, there are no configured PPP CHAP host names. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 


The following example specifies a PPP CHAP host name of my_host: 


(config)#interface ppp 1 
(config-ppp 1)#ppp chap hostname my_host 
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ppp chap password <password> 


Use the ppp chap password command to configure an alternate password when the peer requires CHAP 
PPP authentication. Use the no form of this command to remove a configured password. For more 
information on PAP and CHAP functionality, refer to the Technology Review section for the command ppp 
authentication on page 1823. 


Syntax Description 





<password> Specifies a password using an alphanumeric string up to 80 characters in 
length. 


Default Values 
By default, there is no defined PPP CHAP password. 





Command History 





Release 1.1 Command was introduced. 


Usage Examples 


The following example specifies a PPP CHAP password of my_password: 


(config)#interface ppp 1 
(config-ppp 1)#ppp chap password my_password 
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ppp multilink 


Use the ppp multilink command to enable multilink PPP (MPPP) operation om an existing PPP interface. 
Use the no form of this command to disable. Variations of this command include: 


ppp multilink fragmentation 
ppp multilink interleave 
ppp multilink maximum <number> 


Syntax Description 





fragmentation Enables multilink fragmentation operation. 
interleave Enables multilink interleave operation. 
maximum <number> Specifies the maximum number of links allowed in a PPP multilink bundle. 


Default Values 
By default, MPPP is disabled. 





Command History 





Release 7.1 Command was introduced. 
Release 7.2 Fragmentation and interleave operation were added. 
Release 11.1 Command expanded to include the demand interface. 


Functional Notes 





When enabled, this interface is capable of the following: 


* Combining multiple physical links into one logical link. 
« Receiving upper layer protocol data units (PDU), fragmenting and transmitting over the physical links. 
¢ Receiving fragments over the physical links and reassembling them into PDUs. 


The fragmentation and interleave options can be used to enhance the multilink operation. Fragmentation is 
used to reduce serialization delays of large packets. The fragmentation process evenly divides the data 
among all links in the bundle with a minimum packet size of 96 bytes. The interleave operation is used with 
streaming protocols to reduce delay by giving priority to packets identified as high priority. In order delivery 
is guaranteed with multilink fragmentation, but is not guaranteed with multilink interleave operation. 


The multilink bundle will remain active with a minimum of one physical link. Physical links may be 
dynamically added or removed from the multilink bundle with minor interruption to traffic flow. 


Usage Examples 





The following example enables MPPP: 


(config)#interface ppp 1 
(config-ppp 1)#ppp multilink 
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ppp pap sent-username <username> password <password> 


Use the ppp pap sent-username password command to configure a user name and password when the 
peer requires PAP PPP authentication. Use the no form of this command to remove a configured password. 
For more information on PAP and CHAP functionality, refer to the Technology Review section for the 
command ppp authentication on page 1823. 


Syntax Description 





<username> Specifies a user name by alphanumeric string up to 80 characters in length 
(the user name is case-sensitive). 


<password> Specifies a password by alphanumeric string up to 80 characters in length 
(the password is case-sensitive). 


Default Values 





By default, there is no defined ppp pap sent-username and password. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example specifies a PPP PAP sent-user name of local and a password of my_password: 


(config)#interface ppp 1 
(config-ppp 1)#ppp pap sent-username local password my_password 
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pppoe ac-name <name> 


Use the pppoe ac-name command to identify the Access Concentrator (AC) with which AOS expects to 
establish a PPPoE session. Use the no form of this command to return to the default setting. 


Syntax Description 


<name> Specifies an AC by text string (up to 255 characters) corresponding to the 
AC-Name Tag under RFC2516. If this field is not specified, any access 
concentrator is acceptable. The AC value may be a combination of 
trademark, model, and serial ID information (or simply the MAC address of 
the unit). 


Default Values 





By default, no AC is specified. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example identifies the AC with which AOS expects to establish a PPPoE session: 


(config)#interface ppp 1 
(config-ppp 1)#pppoe acc-name Access_Concentrator_Name 
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pppoe service-name <name> 


Use the pppoe service-name command to use this tag value to filter PPPoE session offers from PPPoE 
servers. Use the no form of this command to return to the default setting. 


Syntax Description 


<name> Specifies a service name by text string (up to 255 characters) 
corresponding to the Service-Name Tags under RFC2516. This string 
indicates an ISP name (or a class or quality of service). If this field is not 
specified, any service is acceptable. 


Default Values 





By default, no names are specified. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example defines a service type that is not to be accepted by AOS: 


(config)#interface ppp 1 
(config-ppp 1)#pppoe service-name Service_Name 
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qos-policy 


Use the qos-policy command to apply a previously-configured Quality of Service (QoS) map to incoming 
or outgoing packets on an interface. Use the no form of this command to remove the map from the 
interface. Variations of this command include: 


qos-policy in <name> 
qos-policy out <name> 


Syntax Description 





<name> Specifies the name of a previously-created QoS map (refer to gos map 
<name> <number> on page 890 for more information). 

in Assigns a QoS map to this interface's input. 

out Assigns a QoS map to this interface's output. 


Default Values 





No default value is necessary for this command. 


Command History 


Release 6.1 Command was introduced. 
Release 15.1 Command was expanded to include in option. 


Functional Notes 


When a QoS policy is applied to an interface, it may be disabled if the interface bandwidth is not adequate 
to support the requested bandwidth on the map set. Once the bandwidth problem is resolved, the map will 
work again. The bandwidth will be rechecked on any of the following changes: 


1. A priority or class-based entry is added to, deleted from, or changed in a QoS map set. 
2. The interface bandwidth is changed by the bandwidth command on the interface. 

3. A QoS policy is applied to an interface. 

4. A cross-connect is created that includes an interface with a QoS policy. 

5. The interface queuing method is changed to fair-queue to use weighted fair queuing. 

6. The interface operational status changes. 

7. The interface bandwidth changes for other reasons (e.g., when ADSL finishes training). 


In order to prevent the map from being disabled in cases of temporary inadequate bandwidth (e.g., a single 
link goes down in a dual T1 multilink configuration where the map requests more than one T1's worth of 
bandwidth), the QoS map uses the maximum theoretical bandwidth on an interface, not the actual 
bandwidth at that time. This actually helps QoS keep higher priority class-based traffic working better than 
best-effort traffic when the bandwidth drops. 
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Usage Examples 





The following example applies the QoS map VOICEMAP to the PPP 1 interface: 


(config)#interface ppp 1 
(config-ppp 1)#qos-policy out VOICEMAP 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VQM is enabled on all WAN and LAN interfaces. 





Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on the virtual PPP interface: 


(config)#interface ppp 1 
(config-ppp 1)#rtp quality-monitoring 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 

Release 17.2 Command was expanded to the cellular interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the virtual PPP interface: 


(config)#interface ppp 1 
(config-ppp 1)#no snmp trap link-status 
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username <username> password <password> 


Use the username password command to configure the user name and password of the peer to use for 
PPP authentication. Use the no form of this command to remove a configured user name and password. 


Syntax Description 


<username> Specifies a user name by alphanumerical string up to 30 characters in 
length (the user name is case-sensitive). 


<password> Specifies a password by alphanumerical string up to 30 characters in length 
(the password is case-sensitive). 


Default Values 





By default, there is no established user name and password. 


Command History 


Release 1.1 Command was introduced. 


Functional Notes 





PAP uses this entry to check received information from the peer. CHAP uses this entry to check the 
received peer host name and a common password. 


Usage Examples 





The following example creates a user name of ADTRAN with password ADTRAN for the PPP link 
labeled 5: 


(config)#interface ppp 5 
(config-ppp 5)#username ADTRAN password ADTRAN 
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TUNNEL CONFIGURATION COMMAND SET 





To create a generic routing encapsulation (GRE) tunnel interface and/or activate the Tunnel Configuration 
mode, enter the interface tunnel command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface tunnel 1 
(config-tunnel 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1842 
bandwidth <value> on page 1543 

crypto map <name> on page 1544 
dial-backup commands begin on page 1846 
dynamic-dns on page 1863 

ip commands begin on page 1865 

keepalive on page 1896 

lldp receive on page 1897 

lldp send on page 1898 

media-gateway ip on page 1900 

mtu <size> on page 1901 

snmp trap on page 1902 

snmp trap link-status on page 1903 

tunnel checksum on page 1904 

tunnel destination <ip address> on page 1905 
tunnel key <value> on page 1906 

tunnel mode gre on page 1907 
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tunnel sequence-datagrams on page 1908 
tunnel source on page 1909 


tunnel vrf <name> on page 1911 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case-sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





To assign an access policy to an interface, enter the interface configuration mode for the desired interface 
and enter access-policy <policy name>. 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
the tunnel interface 1: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with the tunnel interface 1: 


(config)#interface tunnel 1 
(config-tunnel 1)#access-policy Private 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 
<value> Specifies bandwidth in kbps. Range is 1 to 4294967295 kbps. 


Default Values 





To view default values, use the show interfaces command. 


Command History 





Release 3.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher-level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of the tunnel 1 interface to 10 Mbps: 


(config)#interface tunnel 1 
(config-tunnel 1)#bandwidth 10000 
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crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps which 
share the same name but have different map index numbers. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Assigns a crypto map name to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep 
the following notes in mind. 


When defining the policy class and associated access-control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted) it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local-side, 
unencrypted source of the data. The destination information will be the far end, unencrypted destination of 
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy 
class is the far end. The destination information is the local side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to the tunnel interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#crypto map MyMap 
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dial-backup auto-backup 


Use the dial-backup auto-backup command to configure the interface to automatically attempt a 
dial-backup upon failure. Use the no form of this command to disable this feature. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
dial-backup call-mode on page 1849. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically attempt dial-backup upon a failure. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example enables automatic dial-backup on the endpoint: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup auto-backup 
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dial-backup auto-restore 


Use the dial-backup auto-restore command to configure the interface to automatically discontinue 
dial-backup when all network conditions are operational. Use the no form of this command to disable the 
auto-restore feature. For more detailed information on dial-backup functionality, refer to the Functional 
Notes and Technology Review sections of dial-backup call-mode on page 1849. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all backup endpoints will automatically restore the primary connection when the failure 
condition clears. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to automatically restore the primary connection when the failure 
condition clears: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup auto-restore 
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dial-backup backup-delay <value> 


Use the dial-backup backup-delay command to configure the amount of time the router will wait after the 
failure condition is recognized before attempting to backup the link. Use the no form of this command to 
return to the default value. For more detailed information on dial-backup functionality, refer to the 
Functional Notes and Technology Review sections of dial-backup call-mode on page 1849. 


Syntax Description 





<value> Specifies the delay period (in seconds) a failure must be active before AOS 
will enter backup operation on the interface. Range is 10 to 86400 seconds. 


Default Values 





By default, the dial-backup backup-delay period is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to wait 60 seconds (on an endpoint with an active alarm condition) 
before attempting dial-backup operation: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup backup-delay 60 
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dial-backup call-mode 


Use the dial-backup call-mode command to specify whether the configured backup interface answers or 
originates (or a combination of both ) backup calls. Use the no form of this command to return to the 
default value. Variations of this command include: 


dial-backup call-mode answer 

dial-backup call-mode answer-always 
dial-backup call-mode originate 

dial-backup call-mode originate-answer 
dial-backup call-mode originate-answer-always 


Syntax Description 





answer Answers and backs up primary link on failure. 
answer-always Answers and backs up regardless of primary link state. 
originate Originates backup call on primary link failure. 
originate-answer Originates or answers call on primary link failure. 


originate-answer-always Originates on failure; answers and backs up always. 


Default Values 





By default, the dial-backup call-mode is set to originate-answer. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Functional Notes 





The majority of the configuration for AOS dial-backup implementation is configured via the dial-backup 
PPP interface configuration commands. However, the numbers dialed are configured in the primary 
interface. Full sample configurations follow: 


Sample configuration for remote router (dialing out) 


hostname “Remote3200” 

enable password adtran 

| 

interface eth 0/1 

ip address 192.168.1.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 


interface t1 1/1 
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coding b8zs 

framing esf 

clock source line 

tdm-group 1 timeslots 1-24 

no shutdown 

| 

interface fr 1 point-to-point 

frame-relay Imi-type ansi 

no shutdown 

cross-connect 1 t1 1/1 1 fr 1 

| 

interface fr 1.16 point-to-point 

frame-relay interface-dlci 16 

ip address 10.1.1.2 255.255.255.252 

dial-backup call-mode originate 

dial-backup number 5551111 analog ppp1 

dial-backup number 5552222 analog ppp1 
no shutdown 

| 


interface ppp 1 

ip address 172.22.56.1 255.255.255.252 

ppp authentication chap 

username remoterouter password remotepass 
ppp chap hostname localrouter 

ppp chap password adtran 

no shutdown 

| 

ip route 192.168.2.0 255.255.255.0 172.22.56.2 255.255.255.252 
| 

line telnet 0 4 

password password 


Sample configuration for central router (dialing in) 


hostname “Central3200” 

enable password adtran 

| 

interface eth 0/1 

ip address 192.168.100.254 255.255.255.0 
no shutdown 

| 

interface modem 1/3 

no shutdown 

| 


interface t1 1/1 
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coding b8zs 

framing esf 

clock source line 

tdm-group 1 timeslots 1-24 

no shutdown 

| 
interface fr 1 point-to-point 
frame-relay Imi-type ansi 

no shutdown 

cross-connect 1 t1 1/1 1 fr 1 

| 

interface fr 1.100 point-to-point 
frame-relay interface-dici 100 

ip address 10.1.1.1 255.255.255.252 
dial-backup call-mode answer 
dial-backup number 555-8888 analog ppp 1 
| 

interface ppp 1 

ip address 172.22.56.2 255.255.255.252 
ppp authentication chap 

username localrouter password adtran 
ppp chap hostname remoterouter 

ppp chap password remotepass 

no shutdown 

| 


ip route 192.168.1.0 255.255.255.0 172.22.56.1 255.255.255.252 


line telnet 0 4 
password password 


Usage Examples 





The following example configures AOS to generate backup calls for this endpoint using an analog modem 
interface (to phone number 555 1111) but never answer calls and specifies ppp 2 as the backup interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#backup call-mode originate 
(config-tunnel 1)#backup number 555 1111 analog ppp 2 
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Technology Review 





This technology review provides information regarding specific dial-backup router behavior (i.e., when the 
router will perform dial-backup, where in the configuration AOS accesses specific routing information, etc.): 


Dialing Out 
1. AOS determines to place an outbound call when either the Layer 1 or Layer 2 has a failure. 


2. When placing outbound calls, AOS matches the number dialed to a PPP interface. This is accomplished 
with an addition to the dial-backup number command (refer to dia/-backup number on page 1856). 


3. When placing the call, AOS uses the configuration of the related PPP interface for authentication and IP 
negotiation. 


4. If the call fails to connect on the first number dialed, AOS places a call to the second number (if a 
second number is configured). The second number to be dialed references a separate PPP interface. 


Dialing In 
1. AOS receives an inbound call on a physical interface. 
2. Caller ID is used to match the dial-backup number command to the configured PPP interface. 


3. If a match is found, the call connects and AOS pulls down the primary connection if it is not already ina 
down state. 


4. If no match is found from caller ID, the call is terminated. 
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dial-backup connect-timeout <va/ue> 


Use the dial-backup connect-timeout command to specify the number of seconds to wait for a connection 
after a call is attempted before trying to call again or dialing a different number. It is recommended this 
number be greater than 60. Use the no form of this command to return to the default setting. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of dial-backup call-mode on page 1849. 


Syntax Description 





<value> Selects the amount of time (in seconds) that the router will wait for a 
connection before attempting another call. Valid range is 10 to 300 seconds. 


Default Values 





By default, the dial-backup connect-timeout period is set to 60 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to wait 120 seconds before retrying a failed dial-backup call: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup connect-timeout 120 
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dial-backup force 


Use the dial-backup force command to manually override the automatic dial-backup feature. This can be 
used to force a link into backup to allow maintenance to be performed on the primary link without 
disrupting data. Use the no form of this command to return to the normal dial-backup operation state. For 
more detailed information on dial-backup functionality, refer to the Functional Notes and Technology 
Review sections of dial-backup call-mode on page 1849. Variations of this command include: 


dial-backup force backup 
dial-backup force primary 


Syntax Description 





backup Force backup regardless of primary link state. 
primary Force primary link regardless of its state. 


Default Values 


By default, this feature is disabled. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to force this interface into dial-backup: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup force backup 
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dial-backup maximum-retry <value> 


Use the dial-backup maximum-retry command to select the number of calls the router will make when 
attempting to backup a link. Use the no form of this command to return to the default state. For more 
detailed information on dial-backup functionality, refer to the Functional Notes and Technology Review 
sections of dial-backup call-mode on page 1849. 


Syntax Description 





<value> Selects the number of call retry attempts that will be made after a link 
failure. Valid range is 0 to 15 attempts. 


Setting this value to 0 will allow unlimited retries during the time the network 
is failed. 


Default Values 





By default, dial-backup maximum-retry is set to 0 attempts. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to retry a dial-backup call four times before considering backup 
operation not available: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup maximum-retry 4 
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dial-backup number 


Use the dial-backup number command to configure the phone number and the call type the router will 
dial upon network failure. Multiple entries can be made for an interface to allow alternate sites to be dialed. 
Use the no form of this command to return to the default setting. For more detailed information on 
dial-backup functionality, refer to the Functional Notes and Technology Review sections of the command 
dial-backup call-mode on page 1849. Variations of this command include: 


dial-backup number <number> analog ppp <interface> 
dial-backup number <number> cellular ppp </nterface> 
dial-backup number <number> digital-56k <isdn min chan> <isdn max chan> ppp <interface> 
dial-backup number <number> digital 64k <isdn min chan> <isdn max chan> ppp <interface> 


Syntax Description 





<number> Specifies the phone numbers to call when the backup is initiated. 

analog Indicates the number connects to an analog modem. 

cellular Indicates the number connects to a cellular modem. 

digital-56k Indicates the number belongs to a digital 56 kbps per DSO connection. 
digital-64k Indicates the number belongs to a digital 64 kbps per DSO connection. 
<isdn min chan> Specifies the minimum number of DSOs required for a digital 56 or 64 kbps 


connection. Range is 1 to 24. 


<isdn max chan> Specifies the maximum number of DSOs desired for a digital 56 or 64 kbps 
connection. Range is 1 to 24. 


ppp <interface> Specifies the PPP interface to use as the backup for this interface. 


Default Values 





By default, there are no configured dial-backup numbers. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 
Release 17.2 Command was expanded to include cellular connections. 


Usage Examples 





The following example configures AOS to dial 704-555-1212 (digital 64 kbps connection) to initiate 
dial-backup operation on this endpoint using interface ppp 1 backup interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup number 7045551212 digital-64k 1 1 ppp 1 
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dial-backup priority <va/ue> 


Use the dial-backup priority command to select the backup priority for this interface. This allows the user 
to establish the highest priority backup link and ensure that link will override backups attempted by lower 
priority links. Use the no form of this command to return to the default value. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1849. 


Syntax Description 





<value> Sets the relative priority of this link. Valid range is 0 to 100. A value of 100 
designates the highest priority. 


Default Values 





By default, dial-backup priority is set to 50. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example assigns the highest priority to this endpoint: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup priority 100 
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dial-backup randomize-timers 


Use the dial-backup randomize-timers command to randomize the call timers to minimize potential 
contention for resources. Use the no form of this command to return to the default value. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1549. 


Syntax Description 





No subcommanas. 


Default Values 





By default, AOS does not randomize the dial-backup call timers. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to randomize the dial-backup timers associated with this endpoint: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup randomize-timers 
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dial-backup redial-delay <value> 


Use the dial-backup redial-delay command to configure the delay after an unsuccessful call until the call 
will be re-tried. Use the no form of this command to return to the default setting. For more detailed 
information on dial-backup functionality, refer to the Functional Notes and Technology Review sections of 
the command dial-backup call-mode on page 1849. 


Syntax Description 





<value> Specifies the delay in seconds between attempting to re-dial a failed backup 
attempt. Range is 10 to 3600 seconds. 


Default Values 





By default, dial-backup redial-delay is set to 10 seconds. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures a redial delay of 25 seconds on this endpoint: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup redial-delay 25 
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dial-backup restore-delay <va/ue> 


Use the dial-backup restore-delay command to configure the amount of time the router will wait after the 
network is restored before disconnecting the backup link and reverting to the primary. This setting is used 
to prevent disconnecting the backup link if the primary link is “bouncing” in and out of alarm. Use the no 
form of this command to return to the default setting. For more detailed information on dial-backup 
functionality, refer to the Functional Notes and Technology Review sections of the command dial-backup 
call-mode on page 1849. 


Syntax Description 





<value> Specifies the number of seconds AOS will wait (after a primary link is 
restored) before disconnecting dial-backup operation. Range is 10 to 86400 
seconds. 


Default Values 





By default, dial-backup restore-delay is set to 10 seconds. 


Command History 


Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example configures AOS to wait 30 seconds before disconnecting dial-backup operation and 
restoring the primary connection for this endpoint: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup restore-delay 30 
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dial-backup schedule 


Use the dial-backup schedule command to set the time of day that backup will be enabled. Use this 
command if backup is desired only during normal business hours and on specific days of the week. Use the 
no form of this command to disable dial-backup (as specified). For more detailed information on 
dial-backup functionality, refer to the Functional Notes and Technology Review sections of the command 
dial-backup call-mode on page 1849.Variations of this command include: 


dial-backup schedule day <name> 
dial-backup schedule enable-time <value> 
dial-backup schedule disable-time <va/ue> 


Syntax Description 


day <name> Sets the days to allow backup. Valid range is Monday through Sunday. 

enable-time <va/ue> Sets the time of day to enable backup. Time is entered in 24-hour format 
(00:00). 

disable-time <value> Sets the time of day to disable backup. Time is entered in 24-hour format 
(00:00). 


Default Values 





By default, dial-backup is enabled for all days and times if the dial-backup auto-backup command has 
been issued and the dial-backup schedule has not been entered. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example enables dial-backup Monday through Friday 8:00 am to 7:00 pm: 


(config)#interface tunnel 1 

(config-tunnel 1)#dial-backup schedule enable-time 08:00 
(config-tunnel 1)#dial-backup schedule disable-time 19:00 
(config-tunnel 1)#no dial-backup schedule day Saturday 
(config-tunnel 1)#no dial-backup schedule day Sunday 
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dial-backup shutdown 


Use the dial-backup shutdown command to deactivate all dial-backup functionality in the unit. 
Dial-backup configuration parameters are kept intact, but the unit will not initiate (or respond) to 
dial-backup sequences in the event of a network outage. Use the no form of this command to reactivate the 
dial-backup interface. For more detailed information on PPP dial-backup functionality, refer to the 
Functional Notes and Technology Review sections of the command dial-backup call-mode on page 1849. 


Syntax Description 





No subcommanas. 


Default Values 





By default, all AOS interfaces are disabled. 


Command History 





Release 1.1 Command was introduced. 
Release 5.1 Command was expanded to include the PPP interface. 


Usage Examples 





The following example deactivates the configured dial-backup interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#dial-backup shutdown 
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dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the host name for the server that updates the Dynamic Domain 
Name Server (DNS). 
<minutes> Specifies the intervals in minutes to update the server with information 


(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case-sensitive). 


<password> Specifies a password using an alphanumerical string up to 30 characters in 
length (the password is case-sensitive). 


Refer to Functional Notes below for additional argument descriptions. 


Default Values 


No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNSSM service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
to manage IP address mappings (A records), domain aliases (CNAME records) and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services Inc., (DynDNS.org) allows you to 
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more 
easily accessed from various locations on the Internet. This service is provided for up to five host names. 
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dyndns-custom - DynDNS.org's Custom DNSS™ service provides a full DNS solution, giving you 
complete control over an entire domain name. A web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 


A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for the most common configuration and allows for easy creation of most common record 
types. The advanced interface is designed for system administrators with a solid DNS background, and 
provides layout and functionality similar to a BIND zone file allowing for the creation of nearly any record 


type. 


Custom DNSS™ can be used with both static and dynamic IPs and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSS service in that it 
allows a host name such as yourname.dyndns.org to point to your IP address. Unlike a Dynamic DNS 
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to 
propagate though the DNS system. This service is provided for up to five host names. 


If your IP address does not change often or at all but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
which also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the dynamic-dns to dyndns-custom with host name host, user name user, 
and password pass: 


(config)#interface tunnel 1 
(config-tunnel 1)#dynamic-dns dyndns-custom host user pass 
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ip access-group <name> 


Use the ip access-group command to create an access control list to be used for packets transmitted on or 
received from the specified interface. Use the no form of this command to disable this type of control. 
Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Assigns an IP access control list name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 





The following example sets up the unit to only allow Telnet traffic (as defined in the user-configured 
TelnetOnly IP access control list) into the tunnel interface: 


config)#ip access-list extended TelnetOnly 
config-ext-nacl)#permit tcp any any eq telnet 
config-ext-nacl)#interface tunnel 1 

config-tunnel 1)#ip access-group TelnetOnly in 


a OTN Na 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the no form of this 
command to remove a configured IP address. Variations of this command include: 


ip address <ip address> <subnet mask> 
ip address </p address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 

<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Syntax Description 





<adadress> Defines the IP address for the interface in dotted decimal notation (for 
example: 192.22.73.101). 

<mask> Specifies the subnet mask that corresponds to the listed IP address. 

secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 





By default, there are no assigned IP addresses. 


Command History 





Release 5.1 Command was introduced. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Usage Examples 





The following example configures an IP address of 192.22.72.101/30: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip address 192.22.72.101 255.255.255.252 
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ip directed-broadcast 


Use the ip directed broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this command. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list name. 


default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an access control list 
with this command. In this case, only directed broadcasts that are permitted by the specified access 
control list will be forwarded, and all other directed broadcasts directed to this interface subnet will be 
dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC2644), with the intended goal of reducing the efficacy of certain types of 
denial-of-service attacks 
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Usage Examples 





The following example enables forwarding of directed broadcasts on the interface tunnel 1: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip directed-broadcast 
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ip flow 


Use the ip flow command to enable Integrated Traffic Monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of the command to disable traffic monitoring. Variations of this 
command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Defaults 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Example 





The following example enables traffic monitoring on a tunnel interface to monitor incoming traffic through 
an ACL called myacl: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip flow ingress myacl 
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ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





The ip helper-address command must be used in conjunction with the ip forward-protocol 
‘ore command to configure AOS to forward UDP broadcast packets. Refer to ip 
forward-protocol udp <value> on page 724 for more information. 





Syntax Description 





<ijp address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 1.1 Command was introduced. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Functional Notes 


When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign helper address(es) (specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 
1. The packet IP protocol is User Datagram Protocol (UDP). 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 


4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248/30 subnet). 
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Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


(config)#ip forward-protocol udp domain 
(config)#interface tunnel 1 
(config-tunnel 1)#ip helper-address 192.33.5.99 
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ip igmp 
Use the ip igmp command to configure multicasting-related functions for the interface. Variations of this 
command include: 


ip igmp immediate-leave 

ip igmp last-member-query-interval <milliseconds> 
ip igmp querier-timeout <seconds> 

ip igmp query-interval <seconds> 

ip igmp query-max-response-time <seconds> 

ip igmp static-group <address> 

ip igmp version [1 | 2] 


Syntax Description 


immediate-leave Specifies that if only one host (or IGMP snooping switch) is connected to 
the interface, when a leave is received, multicast of that group is 
immediately terminated as opposed to sending a group query and timing 
out the group if no device responds. Works in conjunction with ip igmp 
last-member-query-interval. Applies to all groups when configured. 
Use the no form of this command to disable the immediate-leave 
feature. 


last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group 

<milliseconds> receivers remain on an interface after a receiver leaves a group. If a 
receiver sends a leave-group message (IGMP Version 2), the router 
sends a group-specific query on that interface. After twice the time 
specified by this command plus as much as one second longer, if no 
receiver responds, the router removes that interface from the group and 
stops sending that group's multicast packets to the interface. Range is 
100 to 65,535 ms. Use the no form of this command to return to the 
default setting. 


querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current 
querier’s last query before it takes over as querier (IGMP V2). Range is 
60 to 300 seconds. Use the no form of this command to return to the 
default setting. 


query-interval Specifies the interval (in seconds) at which IGMP queries are sent on an 

<seconds> interface. Host query messages are addressed to the all-hosts multicast 
group with an IP TTL of 1. The router uses queries to detect whether 
multicast group members are on the interface and to select an IGMP 
designated router for the attached segment (if more than one multicast 
router exists). Only the designated router for the segment sends queries. 
For IGMP V2, the designated router is the router with the lowest IP 
address on the segment. Range is 0 to 65,535 seconds. Use the no 
form of this command to return to the default setting. 


query-max-response-time Specifies the maximum response time (in seconds) advertised by this 

<seconds> interface in queries when using IGMP V2. Hosts are allowed a random 
time within this period to respond, reducing response bursts. Use the no 
form of this command to return to the default setting. 
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Syntax Description 





static-group <address> 


version [1 | 2] 


Default Values 


Configures the router's interface to be a statically-connected member of 
the specified group. Packets received on the correct RPF interface are 
forwarded to this interface regardless of whether any receivers have 
joined the specified group using IGMP. Use the no form of this command 
to remove a configured static group. 


Sets the interface’s IGMP version. Use the no form of this command to 
return to the default setting. 





ip igmp immediate-leave No default 

ip igmp last-member-query-interval 1000 milliseconds 

ip igmp querier-timeout 2x the query-interval value 
ip igmp query-interval 60 seconds 

ip igmp query-max-response-time 10 seconds 

ip igmp static-group No default 

ip igmp version Version 1 


Command History 





Release 7.1 
Release 8.1 
Release 9.1 


Usage Examples 


Command was introduced. 
ATM subinterface was added. 
Tunnel subinterface was added. 





The following example sets the query message interval on the interface to 200 milliseconds: 


config)#interface tunnel 1 


(config-tunnel 1)#ip igmp last-member-query-interval 200 
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ip mcast-stub downstream 
Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on 


an interface, and to place it in multicast stub downstream mode. Use the no form of this command to 
disable. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments 
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces 
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces 
configured as downstream should have the lowest IP address of all IGMP-capable routers on the 
connected segment in order to be selected as the designated router and ensure proper forwarding. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub upstream on page 1877 for 
more information. 


Usage Examples 





The following example enables multicast forwarding and IGMP on the interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip mcast-stub downstream 
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ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the command ip igmp static-group <address> on page 1872 to receive multicast traffic without 
host-initiated Internet Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all 
host-initiated IGMP transactions will enter multicast routes on the router’s interface involved with IGMP 
activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip mcast-stub fixed 
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ip mcast-stub helper-enable 


Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the IGMP 
proxy. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 8.1 Command was introduced. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled, 
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and 
the interface becomes the active upstream interface, enabling the unit to perform as an IGMP proxy. Refer 
to jp mcast-stub helper-address <ip address> on page 741, ip mcast-stub downstream on page 1874, and 
jp mcast-stub upstream on page 1877 for more information. 


Usage Examples 





The following example sets the helper address as the IGMP proxy: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip mcast-stub helper-enable 
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ip mcast-stub upstream 


Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in 
multicast stub upstream mode. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a 
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the 
router's unicast route table, the IGMP host function is dynamically enabled and the interface becomes the 
active upstream interface, enabling the router to perform as an IGMP proxy. Though multiple interfaces 
may be candidates, no more than one interface will actively serve as the helper forwarding interface. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub downstream on page 1874 
for more information. 


Usage Examples 





The following example enables multicast forwarding on the interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip mcast-stub upstream 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1877 


Command Reference Guide 


Tunnel Configuration Command Set 





ip ospf 


Use the ip ospf command to customize OSPF settings (if needed). Use the no form of these commands to 
return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


dead-interval <seconds> 
hello-interval <seconds> 


retransmit-interval <seconds> 
transmit-delay <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 


Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 
1 to 65535. 


Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 

32767 seconds. 


Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 32767 seconds. 

Configures OSPF Message Digest 5 (MD5) authentication 
(16-byte max) keys. 


Sets the OSPF priority. The value set in this field helps 
determine the designated router for this network. Range is 
0 to 255. 


Specifies the interval (in seconds) between link-state 
advertisements (LSAs). Range is 0 to 32767 seconds. 


Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 32767 seconds. 


40 seconds 


10 seconds: Ethernet, point-to-point, Frame Relay, Tunnel, and 
PPP 


5 seconds 
1 second 
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Command History 





Release 3.1 Command was introduced. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Usage Examples 





The following example sets the maximum number of seconds allowed between hello packets to 25000: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip ospf dead-interval 25000 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing OSPF 
authentication. Use the no form of this command to return to the default setting. Variations of this 
command include: 


ip ospf authentication 
ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Selects message-digest authentication type. 
null Optional. Specifies that no authentication is used. 


Default Values 





By default, this is set to null (meaning no authentication is used). 


Command History 





Release 3.1 Command was introduced. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Usage Examples 





The following example specifies that no authentication will be used on the tunnel interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Sets the network type for broadcast. 
point-to-point Sets the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. PPP, Frame Relay, and tunnel default to point-to-point. 


Command History 


Release 3.1 Command was introduced. 
Release 9.1 Command was expanded to include tunnel interfaces. 


Functional Notes 


A point-to-point network will not elect designated routers. 


Usage Examples 





The following example designates a broadcast network type: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip ospf network broadcast 
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ip pim sparse-mode 


Use the ip pim sparse-mode command to enable protocol-independent multicast (PIM) sparse mode for 
this interface. Use the no form of this command to disable PIM sparse mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, PIM sparse mode for this interface is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table. It builds 
unidirectional shared trees rooted at a Rendezvous Point (RP) for a multicast group or a shortest-path tree 
rooted at a specific source for a multicast group. 


Usage Examples 





The following example enables PIM sparse mode on the interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip pim sparse-mode 
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ip pim-sparse dr-priority <va/ue> 
Use the ip pim-sparse dr-priority command to specify the priority for the designated router (DR). This 


command modifies the routers priority in the DR election process. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Specifies the priority of this interface (to be used when determining the DR). 
Valid range is 1 to 4294967295. 


Default Values 





By default, the priority of all PIM interfaces is 1. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Interfaces advertise their configured priority values in the hello messages transmitted on the interface. 
Routers use the priority values to determine the appropriate DR. The router on the network segment with 
the highest priority is selected as the DR. If a hello message is received on the interface from a router on 
the network segment and it does not contain a priority, the entire network segment defaults to DR selection 
based on IP addresses instead of priority. In this instance, the DR is selected as the router on the network 
segment that has the highest IP address. AOS will always include a priority in all transmitted hello 
messages. If no priority is specifically designated by the user, the priority is set as the default of 1. 


Usage Examples 





The following example specifies a priority of 100 on the Tunnel 1 interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip pim-sparse dr-priority 100 
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ip pim-sparse hello-timer <va/ue> 
Use the ip pim-sparse hello-timer command to specify protocol-independent multicast (PIM) sparse hello 


timer period. This is the time interval at which periodic hellos are sent out on all interfaces of a 
PIM-capable router. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the interval (in seconds) at which periodic hellos are sent out of 
the interface. Valid range is 10 to 3600 seconds. 


Default Values 





By default, the hellos are transmitted on PIM interfaces every 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Hello messages are used to inform neighbors of a router’s presence. Hello messages normally generate a 
small amount of traffic on an interface. Setting the hello-timer to a small interval increases the number of 
hellos sent (thus increasing the amount of traffic). Set the hello-timer to a reasonable value, taking into 
consideration the bandwidth available on the interface. 


Usage Examples 





The following example specifies hellos be sent on the Tunnel 1 interface every 3600 seconds: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip pim-sparse hello-timer 3600 
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ip pim-sparse nbr-timeout <va/ue> 
Use the ip pim-sparse nbr-timeout command to specify protocol-independent multicast (PIM) sparse 


neighbor timeout. This is the time interval after which a PIM-capable router will consider a neighbor not 
present. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the time interval in seconds after which a neighbor is considered 
not present. Valid range is 30 to 10,800 seconds. 


Default Values 





By default, the nbr-timeout is set to 105 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the nbr-timeout to 300 seconds: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip pim-sparse nbr-timeout 300 
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ip pim-sparse override-interval <va/ue> 
Use the ip pim-sparse override-interval command to specify the protocol-independent multicast (PIM) 


sparse join/prune override interval. This delay interval is the period after a join/prune that another router on 
the LAN may override a join/prune. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the delay time in milliseconds. Valid range is 0 to 
65535 milliseconds. 


Default Values 





By default, the override interval is set to 2500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the override interval to 3000 milliseconds: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip pim-sparse override-interval 3000 
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ip pim-sparse propagation-delay <va/ue> 
Use the ip pim-sparse propagation-delay command to specify the expected propagation delay for 


join/prune messages. Set the propagation delay (in milliseconds) to estimate the amount of delay found in 
the local link. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the expected propagation delay in the local link in milliseconds. 
Valid range is 0 to 32767 milliseconds. 


Default Values 





By default, the propagation delay is set to 500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the propagation delay to 300 milliseconds: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip pim-sparse propagation-delay 300 
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ip policy route-map <name> 


Use the ip policy route-map command to assign a policy route-map to this interface. Use the no form of 
this command to remove the route-map policy. 


Syntax Description 


<name> Specifies the name of the policy route map to assign to this interface. 


Default Values 





By default, no policy route map is assigned to this interface. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example assigns the policy route map policy1 to the interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip policy route-map policy1 
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ip proxy-arp 


Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use 
the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field 
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy ARP is enabled, AOS will respond to all proxy ARP requests with its specified MAC address and 
forward packets accordingly. 


Enabling proxy ARP on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following enables proxy ARP on the tunnel interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip proxy-arp 
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ip rip receive version 


Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets 
received on the interface. Use the no form of this command to restore the default value. Variations of this 
command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Only accept received RIP version 1 packets on the interface. 
2 Only accept received RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Use the ip rip receive version command to specify a RIP version that overrides the version (in the 
Router RIP) configuration. Refer to version on page 2238 for more information. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the tunnel interface to accept only RIP version 2 packets: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets 
transmitted on the interface. Use the no form of this command to restore the default value. Variations of 
this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Only transmits RIP version 1 packets on the interface. 
2 Only transmits RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Use the ip rip send version command to specify a RIP version that overrides the version (in the Router 
RIP) configuration. Refer to version on page 2238 for more information. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the tunnel interface to transmit only RIP version 2 packets: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip rip send version 2 
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ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip rip summary-address 10.10.123.0 255.255.255.0 
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ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


Wo Using Network Address Translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP 
route-cache is enabled for all virtual PPP interfaces. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 


Fast switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast switching on the tunnel interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip route-cache 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a URL filter to the interface for all inbound or outbound traffic. Use 
the no form of this command to remove the URL filter from an interface. Variations of this command 
include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <filtername> http command before applying it to the interface. 
Refer to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Example 





The following example performs URL filtering on all traffic entering through the tunnel interface and 
matches the URL filter named MyFilter: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip urlfilter MyFilter in 
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ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VRF instance. Use the no form of 
the command to remove the interface from the named VRF instance and assign it to the unnamed default 
VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP related 
UT settings on that interface. 





VPN Routing and Forwarding (VRF) on an AOS product allows a single physical router to 
be partitioned into multiple virtual routers. Each router instance has its own route table 
and interface assignments. Beginning with Release 16.1, all AOS routers supporting 

‘ore multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless of 
whether multi-VRF is configured. Therefore, executing the above mentioned commands 
without specifying a VRF will affect the default unnamed VRF.- 





Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF which is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 


VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF but multiple interfaces can be assigned to the same VRF. 


An interface will only forward |P-traffic that matches its associated VRF. 


Usage Examples 





The following example assigns the tunnel 1 interface to the VRF instance named RED: 


(config)#interface tunnel 1 
(config-tunnel 1)#ip vrf forwarding RED 
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keepalive 


Use the keepalive command to periodically send keepalive packets to verify the integrity of the tunnel 
from end to end. Use the no form of this command to disable keepalives. Variations of this command 
include: 


keepalive 
keepalive <value> 
keepalive <va/ue> <number> 


Syntax Description 





<value> Defines the time interval (in seconds) between transmitted keepalive 
packets. Valid range is 1 to 32,767 seconds. 


<number> Defines the number of times to retry after failed keepalives before 
determining that the tunnel endpoint is down. Valid range is 1 to 255 times. 


Default Values 





By default, keepalives are disabled. When enabled, the keepalive period defaults to 10 seconds and the 
retry count defaults to 3 times. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Keepalives do not have to be configured on both ends of the tunnel in order to work. A tunnel is not aware 
of incoming keepalive packets. 


Usage Examples 


The following example enables keepalive with a period of 30 seconds and a retry count of 5 times: 


(config)#interface tunnel 1 
(config-tunnel 1)#keepalive 30 5 
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lldp receive 


Use the Ildp receive command to allow LLDP packets to be received on this interface. Use the no form of 
this command to return to the default setting. 


Syntax Description 


No subcommanads. 


Default Values 





By default, all interfaces are configured to send and receive LLDP packets. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example configures the tunnel interface to receive LLDP packets: 


(config)#interface tunnel 1 
(config-tunnel 1)#Ildp receive 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1897 


Command Reference Guide Tunnel Configuration Command Set 





lldp send 


Use the Ildp send command to configure this interface to transmit LLDP packets or to control the types of 
information contained in the LLDP packets transmitted by this interface. Use the no form of these 
commands to disable these features. Variations of this command include: 


lldp send 

lidp send management-address 
lldp send port-description 

lldp send system-capabilities 
lldp send system-description 
lldp send system-name 

lldp send-and-receive 


Syntax Description 





management-address Enables transmission of management address information on this interface. 
port-description Enables transmission of port description information on this interface. 
system-capabilities Enables transmission of this device’s system capabilities on this interface. 
system-description Enables transmission of this device’s system description on this interface. 
system-name Enables transmission of this device’s system name on this interface. 
and-receive Configures this interface to both transmit and receive LLDP packets. 


Default Values 





By default, all interfaces are configured to transmit and receive LLDP packets of all types. 


Command History 


Release 9.1 Command was introduced. 


Functional Notes 





Individual LLDP information can be enabled or disabled using the various forms of the Ildp send 
command. For example, use the Ildp send and-receive command to enable transmit and receive of all 
LLDP information. Then use the no Ildp send port-description command to prevent LLDP from 
transmitting port description information. 
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Usage Examples 





The following example configures the tunnel interface to transmit LLDP packets containing all enabled 
information types: 


(config)#interface tunnel 1 
(config-tunnel 1)#lldp send 
The following example configures the tunnel interface to transmit and receive LLDP packets containing all 


information types: 


(config)#interface tunnel 1 
(config-tunnel 1)#lldp send and-receive 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1899 


Command Reference Guide Tunnel Configuration Command Set 





media-gateway ip 


Use the media-gateway ip command to associate an IP address source to use for RTP traffic. When 
configuring VoIP, RTP traffic needs an IP address to be associated with it. However, some interfaces allow 
“dynamic” configuration of IP addresses, and thus, this value could change periodically. Use the no form 
of these commands to disable these functions. Variations of this command include: 


media-gateway ip loopback <ip address> 
media-gateway ip primary 
media-gateway ip secondary </p address> 


Syntax Description 





loopback <ip address> Use an IP address statically defined to a loopback interface. Helpful when 
using a single IP address across multiple WAN interfaces for RTP traffic. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


primary Use the IP address that is configured as primary on this interface. Applies to 
static, DHCP, or negotiated addresses. 


secondary <ip address> Use the statically defined secondary IP address of this interface to be used 
for RTP traffic. IP addresses should be expressed in dotted decimal 
notation (for example, 10.10.10.1). 


Default Values 





By default, media-gateway ip is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example configures the unit to use the primary IP address for RTP traffic: 


(config)#interface tunnel 1 
(config-tunnel 1)#media-gateway ip primary 
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mtu <size> 


Use the mtu command to configure the maximum transmit unit (MTU) size for the active interface. Use 
the no form of this command to return to the default value. 


Syntax Description 


<size> Configures the window size for transmitted packets. The valid ranges for the 
various interfaces are listed below: 
ATM subinterfaces 64 to 1520 
BVI interfaces 64 to 2100 
Demand interfaces 64 to 1520 
Ethernet interfaces 64 to 1500 
FDL interfaces 64 to 256 
Frame Relay subinterfaces 64 to 1520 
HDLC interfaces 64 to 1520 
Loopback interfaces 64 to 1500 
PPP interfaces 64 to 1520 
Tunnel interfaces 64 to 18,190 


Default Values 





<size> The default values for the various interfaces are listed below: 

ATM subinterfaces 1500 
BVI interfaces 1500 
Demand interfaces 1500 
Ethernet interfaces 1500 
FDL interfaces 256 

Frame Relay subinterfaces 1500 
HDLC interfaces 1500 
Loopback interfaces 1500 
PPP interfaces 1500 
Tunnel interfaces 1500 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 


OSPF will not become adjacent on links where the MTU sizes do not match. If router A and router B are 
exchanging hello packets but their MTU sizes do not match, they will never reach adjacency. This is by 
design and required by the RFC. 


Usage Examples 





The following example specifies an MTU of 1200 on the tunnel interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#mtu 1200 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1901 


Command Reference Guide Tunnel Configuration Command Set 





snmp trap 


Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) 
traps on the interface. Use the no form of this command to disable this trap. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps 
enabled. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include port channel and VLAN interfaces. 

Release 8.1 Command was expanded to the ATM interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example enables SNMP on the Tunnel interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#snmp trap 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 

Release 17.2 Command was expanded to the cellular interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the Tunnel interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#no snmp trap link-status 
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tunnel checksum 


Use the tunnel checksum command to verify the checksum of incoming Generic Routing Encapsulation 


(GRE) packets and to include a checksum on outgoing packets. Use the no form of this command to 
disable checksum. 


Syntax Description 





No subcommanas. 


Default Values 





By default, tunnel checksum is disabled. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Both ends of the tunnel must have tunnel checksum enabled in order for a meaningful configuration. 
When both endpoints have tunnel checksum enabled, a packet with an incorrect checksum will be 
dropped. If the endpoints differ in their checksum configuration, all packets will still flow without any 
checksum verification. 


Usage Examples 





The following example enables checksum on the tunnel 1 interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#tunnel checksum 


Technology Review 





When enabled, the tunnel checksum will be calculated for each outgoing GRE packet with the result 
stored in the GRE header. The checksum present bit will also be set in the header. 
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tunnel destination <ip address> 
Use the tunnel destination command to specify the IP address to use as the destination address for all 


packets transmitted on this interface. Use the no form of this command to clear the tunnel destination 
address. 


Syntax Description 





<ijp address> Specifies the IP address to use as the destination address for all packets 
transmitted on this interface. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


Default Values 





By default, no tunnel destinations are defined. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 


Until a tunnel interface has a destination IP address defined, it is not operational. 


The tunnel destination IP address will be the value put into the destination field of the outer IP header after 
GRE encapsulation of the original packet. A route must be defined for the destination address. Be certain 
there are no recursive routes by ensuring that a tunnel’s destination address will be routed out a physical 
interface. There is a possibility of creating a routing loop when tunnel interface traffic gets routed back to 
the same tunnel interface or to another tunnel interface, which in turn, does not have a route out a physical 
interface. In either case, the tunnel will go down for a period of one minute, after which it will come back up 
to determine if the recursive routes have been resolved. This allows time for routing protocols to converge 
on a valid route. If a static route has caused the recursive routing loop, the tunnel status may oscillate until 
the route is changed. 


Usage Examples 





The following example sets the tunnel destination IP address to 192.22.73.101: 


(config)#interface tunnel 1 
(config-tunnel 1)#tunnel destination 192.22.73.101 
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tunnel key <value> 
Use the tunnel key command to specify a value shared by both endpoints of the tunnel that will provide 


minimal security and delineate between tunnels with the same source and destination addresses. Use the no 
form of this command to disable the key. 


Syntax Description 





<value> Defines the key value for this tunnel. Valid range is 1 to 4294967294. 


Default Values 





By default, a key is not configured. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





When enabled, the key will be stored in the GRE header and the key present bit will be set. If tunnel keys 
are used, a matching key value must be defined on both endpoints of the tunnel or packets will be 
discarded. 


Usage Examples 





The following example sets the key on a tunnel interface to a value of 1234: 


(config)#interface tunnel 1 
(config-tunnel 1)#tunnel key 1234 
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tunnel mode gre 
Use the tunnel mode gre command to encapsulate traffic destined for the tunnel interface in a Generic 


Routing Encapsulation (GRE) header. Use the no form of this command to set the tunnel to its default 
mode. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the tunnel interface will be configured for GRE mode. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





GRE is currently the only allowed mode for tunnel interface operation. 


Usage Examples 





The following example configures the tunnel interface for GRE mode: 


(config)#interface tunnel 1 
(config-tunnel 1)#tunnel mode gre 
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tunnel sequence-datagrams 
Use the tunnel sequence-datagrams command to enable sequence number checking on incoming Generic 


Routing Encapsulation (GRE) packets, to drop packets arriving out of order, and to include a sequence 
number in outgoing packets. Use the no form of this command to disable sequence number checking. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 9.1 Command was introduced. 


Functional Notes 





Both ends of the tunnel must have sequence numbering enabled. When both endpoints have sequence 
numbering enabled, a packet arriving with a sequence number less than the current expected value will be 
dropped. If the endpoints differ in their sequence numbering configuration, all packets will still flow without 
any sequence number verification. Be careful enabling sequence number verification on a tunnel. The 
tunnel can easily become out of sequence due to network conditions outside of the tunnel endpoints. It 
may be difficult to establish a successful traffic flow after an out of sequence condition occurs. 


Usage Examples 





The following example enables sequence number processing on the tunnel interface: 


(config)#interface tunnel 1 
(config-tunnel 1)#tunnel sequence-datagrams 


Technology Review 





When enabled, the next valid sequence number will be placed in the GRE header of each outgoing packet, 
and the sequence number present bit will be set. 
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tunnel source 


Use the tunnel source command to specify the IP address or name of a physical interface to use as the 
source address for all packets transmitted on this interface. Use the no form of this command to clear the 
tunnel source address. Variations of this command include: 


tunnel source </p address> 
tunnel source </p address> <interface> 


Syntax Description 





<ijpp address> Specifies the IP address in dotted decimal notation to use as the source 
address for all packets transmitted on this interface. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


<interface> Specifies the interface that contains the IP address to use as the source 

address for all packets transmitted on this interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
a T1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for a 
wireless virtual access point, use dot11ap 1/1.1. Type tunnel source ? for 
a complete list of valid interfaces. 


Default Values 





By default, a tunnel source is not defined. 


Command History 





Release 9.1 Command was introduced. 
Release 11.1 Command was expanded to include demand interfaces. 


Functional Notes 





Until a tunnel interface has a source IP address defined and the physical interface used as the source is 
operational, the tunnel is not operational. 


The tunnel source IP address will be the value put into the source field of the outer IP header after GRE 
encapsulation of the original packet. 
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Usage Examples 





The following example sets the tunnel source IP address to 192.22.73.101: 

(config)#interface tunnel 1 

(config-tunnel 1)#tunnel source 192.22.73.101 

The following example sets the tunnel source IP address to the address of the Ethernet interface 


labeled 0/1: 


(config)#interface tunnel 1 
(config-tunnel 1)#tunnel source eth 0/1 
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tunnel vrf <name> 


Use the tunnel vwrf command to specify the VRF to use in order to reach the tunnel source and the tunnel 
destination. Use the no form of this command to use the default VRF. 





VPN Routing and Forwarding (VRF) on an AOS product allows a single physical router to 
be partitioned into multiple virtual routers. Each router instance has its own route table 
and interface assignments. Beginning with Release 16.1, all AOS routers supporting 

‘one multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless of 
whether multi-VRF is configured. Therefore, executing the above mentioned commands 
without specifying a VRF will affect the default unnamed VRF.- 








Syntax Description 





vrf <name> Optional. Specifies the name of the VRF. 


Default Values 
By default, the default VRF is used. 





Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the VRF instance to use to reach the tunnel source as VRF RED: 


config)#interface tunnel 1 

config-tunnel 1)#tunnel vrf RED 

config-tunnel 1)#tunnel source 10.10.10.254 
config-tunnel 1)#tunnel destination 10.10.10.1 
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VLAN CONFIGURATION COMMAND SET 


To activate the VLAN Configuration mode, enter the vlan command at the Global Configuration mode 
prompt. For example: 


>enable 

#configure terminal 
(config)#vlan 1 
(config-vlan 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 
shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


ip flow on page 1913 
media ethernet on page 1914 
name <name> on page 1915 


state on page 1916 
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ip flow 


Use the ip flow command to enable Integrated Traffic Monitoring (ITM) for all traffic received or 
forwarded on an interface. Use the no form of the command to disable traffic monitoring. Variations of this 
command include: 


ip flow egress 
ip flow egress <name> 
ip flow ingress 
ip flow ingress <name> 


Syntax Description 





egress Specifies that all outgoing traffic be monitored. 
ingress Specifies that all incoming traffic be monitored. 
<name> Optional. Specifies the name of an access control list (ACL) to use for 


filtering traffic. 


Defaults 


By default, no traffic monitoring is enabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Example 





The following example enables traffic monitoring on a VLAN interface to monitor incoming traffic through 
an ACL called myacl: 


(config)#interface vlan 2 
(config-vlan 2)#ip flow ingress myacl 
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media ethernet 


Use the media ethernet command to set the virtual local area network (VLAN) media type to Ethernet. 
The only media type currently supported is ethernet. Use the no form of this command to reset to default. 


Syntax Description 


No subcommanads. 


Default Values 





By default, media is set to ethernet. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the media type to Ethernet for VLAN 2: 


(config)#vlan 2 
(config-vlan 2)#media ethernet 
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name <name> 


Use the name command to assign a name to the VLAN. Use the no form of this command to remove a 
name given to a VLAN. 


Syntax Description 


<name> Assigns a name to the VLAN using 1 to 32 characters. 


Default Values 





By default, the name is set to VLANxxxx, where xxxx represents four numeric digits (including leading 
zeroes) equal to the VLAN ID number. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The name is limited to 32 characters and must be unique throughout. 


Usage Examples 





The following example sets the name of VLAN 2 to Accounting: 


(config)#vlan 2 
(config-vlan 2)#name Accounting 
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state 
Use the state command to change the state of the VLAN. Variations of this command include: 


state active 
state suspend 


Syntax Description 





active Changes the VLAN state to active. 
suspend Changes the VLAN state to suspended. 


Default Values 





The default setting is active (once the VLAN has been created). 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the VLAN state to suspended: 


(config)#vlan 2 
(config-vlan 1)#state suspend 
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VLAN DATABASE CONFIGURATION COMMAND SET 


To activate the Config VLAN Database mode, enter the vlan database command at the Enable security 
mode prompt. For example: 


>enable 
#vlan database 
(vlan)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


do on page 49 
end on page 50 
exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


abort on page 1918 

apply on page 1919 

reset on page 1920 

show on page 1921 

vlan <vlan id> on page 1922 

vlan <vlan id> media ethernet on page 1923 
vlan <vlan id> name <name> on page 1924 


vlan <vlan id> state on page 1925 
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abort 


Use the abort command to exit the VLAN Database without saving any changes made. 


Syntax Description 





No subcommanas. 


Default Values 





No defaults necessary for this setting. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The abort command discards all configuration changes made since you entered the VLAN Database 
Configuration (or since the last time you issued the apply commana). The system then exits out of this 
mode, returning to the enable (#) command prompt. Refer to the command apply on page 1919 for more 
information. 


Usage Examples 





The following example exits the VLAN Database without saving the changes made: 


(config)#vlan database 
(vlan)#abort 

Discarding all changes and exiting. 
# 
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apply 
Use the apply command to apply changes without exiting the VLAN Database. 


Syntax Description 





No subcommanas. 


Default Values 





No defaults necessary for this setting. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Applies changes to the VLAN Database configuration in the running configuration. 


Usage Examples 





The following example applies changes made, remaining in the VLAN Database: 


(config)#vlan database 
(vlan)#apply 

Changes applied. 
(vlan)# 
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reset 


Use the reset command to discard all changes made and revert to the previous configuration. The prompt 
remains in the VLAN Database. 


Syntax Description 


No subcommanas. 


Default Values 





No defaults necessary for this setting. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The reset command discards all changes to the VLAN configuration. The configuration remains the same 
as it was prior to entering the VLAN Database Configuration (or since the last time you issued the apply 
command). The VLAN Database reverts to the same state it had upon entry. Refer to the command apply 
on page 1919 for more information. 


Usage Examples 





The following example resets the unit to the previous configuration (i.e., the last configuration saved using 
the apply or the exit command): 


(config)#vlan database 
(vlan)#reset 

VLAN configuration has been reset. 
(vlan)# 
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show 


Use the show command to display different aspects of the VLAN configuration. Variations of this 
command include: 


show changes 

show changes <vian id> 
show current 

show current <vian id> 
show proposed 

show proposed <vian id> 


Syntax Description 





<vian id> Specifies a VLAN ID to display only information for a specific VLAN. Valid 
VLAN interface ID range is from 1 to 4094. 

changes Displays the proposed changes to the VLAN configuration. 

current Displays the current VLAN configuration. 

proposed Displays the proposed VLAN Database. The proposed version is not part of 


the running configuration until it is applied (using the apply command or the 
exit command). 


Default Values 





No defaults necessary. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example shows the proposed VLAN Database configuration which will take effect if an apply 
or exit command is issued: 


(config)#vlan database 
(vlan)#show proposed 
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vian <vian id> 


Use the vlan command to create a VLAN within the VLAN database. Use the no form of this command to 
delete a previously-created VLAN from the database. 


Syntax Description 
<vian id> Specifies a valid VLAN interface ID (1 to 4094). 


Default Values 





No defaults necessary for this setting. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 


The following example creates VLAN 2 only within the VLAN Database. This VLAN is not added to the 
running configuration until an exit or apply command is issued: 





(vlan)#vlan 2 
VLAN 2 created. 
Name = VLANO002 
(vlan)# 


The following example removes VLAN 2 from the VLAN Database. This VLAN is not removed from the 
running configuration until an exit or apply command is issued: 


(config)#vlan database 
(vlan)#no vian 2 
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vian <vian id> media ethernet 


Use the vlan media ethernet command to set the VLAN media type to Ethernet. Use the no form of this 
command to reset to the default. 


Syntax Description 
<vian id> Specifies a valid VLAN interface ID. Valid range is 1 to 4094. 


Default Values 





By default, vlan media is set to ethernet. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example sets the media type of VLAN 2 to ethernet: 


(config)#vlan database 
(vlan)#vlan 2 media ethernet 
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vian <vian id> name <name> 


Use the vlan name command to assign a name to the VLAN. Use the no form of this command to remove 
an assigned name. 


Syntax Description 


<vian id> Specifies a valid VLAN interface ID. Valid range is 1 to 4094. 
<name> Assigns a name to the VLAN using 1 to 32 characters. 


Default Values 





By default, the assigned name is VLANxxxx; where xxxx represents four numeric digits (including leading 
zeroes) equal to the VLAN ID number. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The name is limited to 32 characters and must be unique throughout the network. 


Usage Examples 





The following example sets the name of VLAN 2 to Accounting: 


(config)#vlan database 
(vlan)#vlan 2 name Accounting 
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vian <vian id> state 


Use the vlan state command to change the state of the VLAN. Use the no form of this command to return 
to the default setting. Variations of this command include: 


vlan <vian id> state active 
vlan <vian id> state suspend 


Syntax Description 





<vian id> Specifies a valid VLAN interface ID (1 to 4094). 
active Changes the VLAN state to active. 
suspend Changes the VLAN state to suspended. 


Default Values 


The default setting is active (once the VLAN has been created). 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 
The following example sets the VLAN state to suspended: 


(config)#vlan database 
(vlan)#vlan 2 state suspend 
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VLAN INTERFACE CONFIGURATION COMMAND SET 





To create a virtual local area network (VLAN) interface and/or activate the VLAN Interface Configuration 
mode, enter the interface vlan command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#interface vlan 1 
(config-interface-vlan 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


access-policy <name> on page 1927 

arp arpa on page 1928 

awcp on page 1929 

bandwidth <value> on page 1930 
bridge-group <number> on page 1931 
crypto map <name> on page 1932 
dynamic-dns on page 1934 

ip commands begin on page 1936 
mac-address <mac address> on page 1974 
max-reserved-bandwidth <value> on page 1975 
media-gateway ip on page 1976 

gos-policy on page 1977 

rtp quality-monitoring on page 1979 

snmp trap on page 1980 

snmp trap link-status on page 1981 
traffic-shape rate <value> on page 1982 
vrrp <number> on page 1983 
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access-policy <name> 


Use the access-policy command to assign a specified access policy to an interface. Access policies are 
applied to traffic entering an interface. Use the no form of this command to remove an access policy 
association. For more information on using access policies, refer to ip policy-class <name> <action> on 
page 744. 





Configured access policies will only be active if the ip firewall command has been entered 
at the Global Configuration mode prompt to enable the AOS security features. All 

‘tore configuration parameters are valid, but no security data processing will be attempted 
unless the security features are enabled. 





Syntax Description 





<name> Identifies the configured access policy by alphanumeric descriptor (all 
access policy descriptors are case-sensitive). 


Default Values 





By default, there are no configured access policies associated with an interface. 


Command History 


Release 2.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





To assign an access policy to an interface, enter the interface configuration mode for the desired interface 
and enter access-policy <policy name>. 


Usage Examples 





The following example associates the access policy Private (to allow inbound traffic to the Web server) to 
the VLAN interface 1: 


Enable the AOS security features: 
(config)#ip firewall 
Associate the access policy with the VLAN interface 1: 


(config)#interface vlan 1 
(config-interface-vlan 1)#access-policy Private 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1927 


Command Reference Guide VLAN Interface Configuration Command Set 





arp arpa 


Use the arp arpa command to set ARPA as the standard address resolution protocol (ARP) on this 
interface. Use the no form of this command to return to the default settings. 


Syntax Description 


No subcommanads. 


Default Values 
By default, the ARP is set to ARPA. 





Command History 





Release 5.1 Command was introduced. 
Release 6.1 Command was extended to include NetVanta 2000 Series units. 


Usage Examples 





The following example enables standard ARP for the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vlan 1)#arp arpa 
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awcp 


Use the awcp command to enable ADTRAN Wireless Control Protocol (AWCP) on this interface. The 
AWCP is an ADTRAN proprietary protocol used by an access controller (AC) to communicate with an 
access point (AP). Use the no form of this command to disable AWCP for this interface. 


Syntax Description 





No subcommanas. 


Default Values 
By default, AWCP is enabled on the interface. 





Command History 





Release 15.1 Command was introduced. 


Functional Notes 





When the global-level command doti1ap access-point-controller (refer to page 660 for more 
information) is enabled, the AWCP function can be disabled on a specific interface by using the no form of 
this command from the desired interface. When the global-level command 

dot11ap access-point-controller is disabled, it overrides the awcp command setting for the interface. 


Usage Examples 
The following example disables AWCP on VLAN 1: 





(config)#interface vlan 1 
(config-interface-vian 1)#no awcp 
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bandwidth <value> 


Use the bandwidth command to provide the bandwidth value of an interface to the higher-level protocols. 
This value is used in cost calculations. Use the no form of this command to restore the default values. 


Syntax Description 
<value> Specifies bandwidth in kbps. Range is 1 to 4294967295 kbps. 


Default Values 





To view default values, use the show interfaces command. 


Command History 





Release 3.1 Command was introduced. 
Release 5.1 Command was expanded to include Ethernet subinterfaces. 
Release 6.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The bandwidth command is an informational value that is communicated to the higher-level protocols to 
be used in cost calculations. This is a routing parameter only and does not affect the physical interface. 


Usage Examples 





The following example sets bandwidth of the VLAN 1 interface to 10 Mbps: 


(config)#interface vlan 1 
(config-interface-vilan 1)#bandwidth 10000 
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bridge-group <number> 


Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of 
this command to remove the interface from the bridge group. 


Syntax Description 


<number> Specifies a bridge group number. Range is 1 to 255. 


Default Values 





By default, there are no configured bridge groups. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





A bridged network can provide excellent traffic management to reduce collisions and limit the amount of 
bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can 
be bridged (e.g., Ethernet to T1 bridge, Ethernet to Frame Relay subinterface). 


Usage Examples 





The following example assigns the VLAN interface to bridge group 17: 


(config)#interface vlan 1 
(config-interface-vian 1)#bridge-group 17 
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crypto map <name> 


Use the crypto map command to associate crypto maps with the interface. Use the no form of this 
command to remove a crypto map from an interface. 





When you apply a map to an interface, you are applying all crypto maps with the given 
‘one map name. This allows you to apply multiple crypto maps if you have created maps which 
share the same name but have different map index numbers. 








For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 








Syntax Description 





<name> Specifies the crypto map name that you wish to assign to the interface. 


Default Values 





By default, no crypto maps are assigned to an interface. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep 
the following notes in mind. 


When defining the policy-class and associated access-control lists (ACLs) that describe the behavior of the 
firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the 
system. The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or 
received over the VPN tunnel. The following diagram represents typical AOS data-flow logic. 
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Interfaces (Ethernet, Frame Relay, PPP, local) 












Static Filter 
(in) 


Static Filter 
(out) 


IPSec 
Decrypt/Discard 


NAT/ACP/ 
Firewall 

















Router 


As shown in the diagram above, data coming into the product is first processed by the static filter 
associated with the interface on which the data is received. This access-group is a true static filter and is 
available for use regardless of whether the firewall is enabled or disabled. Next (if the data is encrypted) it 
is sent to the IPSec engine for decryption. The decrypted data is then processed by the stateful inspection 
firewall. Therefore, given a terminating VPN tunnel, only unencrypted data is processed by the firewall. 


The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an 
interface. When specifying the ACLs for a crypto map, the source information is the private local side, 
unencrypted source of the data. The destination information will be the far end, unencrypted destination of 
the data. However, ACLs for a policy class work in reverse. The source information for the ACL in a policy 
class is the far end. The destination information is the local side. 


Usage Examples 





The following example applies all crypto maps with the name MyMap to the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vilan 1)#crypto map MyMap 
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dynamic-dns 


Use the dynamic-dns command to configure Dynamic DNS service provided by Dynamic Network 
Services, Inc. (www.dyndns.org). Use the no versions of these commands to disable these features. 
Variations of this command include: 


dynamic-dns custom <hositname> <minutes> 

dynamic-dns dyndns <hostname> <username> <password> 
dynamic-dns dyndns-custom <hostname> <username> <password> 
dynamic-dns dyndns-static <hosiname> <username> <password> 


Syntax Description 





<hostname> Specifies the host name for the server that updates the Dynamic Domain 
Name Server (DNS). 
<minutes> Specifies the intervals in minutes to update the server with information 


(updates also occur when the interface’s IP address changes regardless of 
the update intervals). 


<username> Specifies a user name using an alphanumerical string up to 30 characters in 
length (the user name is case-sensitive). 


<password> Specifies a password using an alphanumerical string up to 30 characters in 
length (the password is case-sensitive). 


Refer to Functional Notes below for additional argument descriptions. 


Default Values 


No default is necessary for this command. 


Command History 





Release 8.1 Command was introduced. 
Release 12.1 Command was expanded. 
Release 15.1 Command was expanded to include BVI interfaces. 


Functional Notes 





custom - Constanttime.com’s Custom Dynamic DNSSM service allows you complete access and 
management control over your domain name regardless of where you purchased/registered it. This allows 
to manage IP address mappings (A records), domain aliases (CNAME records) and mail servers (MX 
records). 


dyndns - The Dynamic DNSS™ offered by Dynamic Network Services Inc., (DynDNS.org) allows you to 
alias a dynamic IP address to a static host name in various domains. This allows your unit to be more 
easily accessed from various locations on the Internet. This service is provided for up to five host names. 
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dyndns-custom - DynDNS.org's Custom DNSS™ service provides a full DNS solution, giving you 
complete control over an entire domain name. A web-based interface provides two levels of control over 
your domain, catering to average or advanced users. Five globally redundant DNS servers ensure that 
your domain will always resolve. 


A choice of two interfaces is available. The basic interface is designed for most users. It comes 
preconfigured for the most common configuration and allows for easy creation of most common record 
types. The advanced interface is designed for system administrators with a solid DNS background, and 
provides layout and functionality similar to a BIND zone file allowing for the creation of nearly any record 


type. 


Custom DNSS™ can be used with both static and dynamic IPs and has the same automatic update 
capability through Custom DNS-aware clients as Dynamic DNS. 


dyndns-static - The Static DNS service is similar to DynDNS.org’s Dynamic DNSS service in that it 
allows a host name such as yourname.dyndns.org to point to your IP address. Unlike a Dynamic DNS 
host, a Static DNS host does not expire after 35 days without updates, but updates take longer to 
propagate though the DNS system. This service is provided for up to five host names. 


If your IP address does not change often or at all but you still want an easy name to remember it by 
(without having to purchase your own domain name), Static DNS service is ideal for you. 


If you would like to use your own domain name (such as yourname.com), you need Custom DNS service 
which also provides full dynamic and static IP address support. 


Usage Examples 





The following example sets the dynamic-dns to dyndns-custom with host name host, user name user, 
and password pass: 


(config)#interface vian 1 
(config-interface-vian 1)#dynamic-dns dyndns-custom host user pass 
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ip access-group <name> 


Use the ip access-group command to create an access control list to be used for packets transmitted on or 
received from the specified interface. Use the no form of this command to disable this type of control. 
Variations of this command include: 


ip access-group <name> in 
ip access-group <name> out 


Syntax Description 





<name> Assigns an IP access control list name. 
in Enables access control on packets received on the specified interface. 
out Enables access control on packets transmitted on the specified interface. 


Default Values 





By default, these commands are disabled. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





When this command is enabled, the IP destination address of each packet must be validated before being 
passed through. If the packet is not acceptable per these settings, it is dropped. 


Usage Examples 


The following example sets up the router to only allow Telnet traffic (as defined in the user-configured 
TelnetOnly IP access control list) into the VLAN interface: 


config)#ip access-list extended TelnetOnly 
config-ext-nacl)#permit tcp any any eq telnet 
config-ext-nacl)#interface vian 1 

config-interface-vlan 1)#ip access-group TelnetOnly in 


a OTN 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address on the specified interface. Use the no form of this 


command to remove a configured IP address. Variations of this command include: 


ip address <i/p address> <subnet mask> 
ip address <ip address> <subnet mask> secondary 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 


decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


secondary Optional. Configures a secondary IP address for the specified interface. 


Default Values 





By default, there are no assigned IP addresses. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example configures an IP address of 192.22.72.101/30: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip address 192.22.72.101 255.255.255.252 
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ip address dhcp 


Use the ip address dhcp command to use Dynamic Host Configuration Protocol (DHCP) to obtain an 
address on the interface. Use the no form of this command to remove a configured IP address (using 
DHCP) and disable DHCP operation on the interface. 


ip address dhcp client-id [<interface> | <identifier>] [hostname “<string>”] [<administrative distance>] 

ip address dhcp hostname <‘“string’> [no-default-route | no-domain-name | no-nameservers] 
[<administrative distance>] 

ip address dhcp [no-default-route | no-domain-name | no-nameservers] [<administrative distance>] 


Syntax Description 





<administrative distance> Optional. Specifies the administrative distance to use when adding the 
DHCP gateway into the route table. It is used to determine the best route 
when multiple routes to the same destination exist. The smaller the 
administrative distance the more reliable the route. Range is 1 to 255. 


client-id Optional. Specifies the client identifier used when obtaining an IP address 
from a DHCP server. 


<interface> Specifying an interface defines the client identifier as the hexadecimal MAC 
address of the specified interface (including a hexadecimal number added 
to the front of the MAC address to identify the media type). 


For example, specifying the client-id ethernet 0/1 (where the Ethernet 
interface has a MAC address of d217.0491.1150) defines the client 
identifier as 01:d2:17:04:91:11:50 (where 01 defines the media type as 
Ethernet). Refer to hardware-address on page 2550 for a detailed listing of 
media types. 


<identifier> Specifies a custom client-identifier using a text string (that is converted to a 
hexadecimal equivalent) or 7 to 28 hexadecimal numbers (with colon 
delimiters). 


For example, a custom client identifier of Of:ff:ff:ff:ff:51 :04:99:a1 may be 
entered using the <identifier> option. 

hostname “<string>” Optional. Specifies a text string (to override the global router name) to use 
as the name in the DHCP option 12 field. The string is enclosed in quotation 
marks and can consist of up to 35 characters. 


no-default-route Instructs AOS not install the default-route obtained via DHCP. 
no-domain-name Instructs AOS not install the domain-name obtained via DHCP. 
no-nameservers Instructs AOS not install the DNS servers obtained via DHCP. 
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Default Values 





<administrative distance> 
client-id 


hostname “<string>” 


Command History 


Release 2.1 
Release 13.1 


By default, the administrative distance value is 1. 

Optional. By default, the client identifier is populated using the following 
formula: 

TYPE: INTERFACE SPECIFIC INFO : MAC ADDRESS 

Where TYPE specifies the media type in the form of one hexadecimal byte 
(refer to hardware-address on page 2550 for a detailed listing of media 
types), and the MAC ADDRESS is the Media Access Control (MAC) 
address assigned to the first Ethernet interface in the unit in the form of six 
hexadecimal bytes. (For units with a single Ethernet interface, the MAC 
ADDRESS assigned to Ethernet 0/1 is used in this field). 

INTERFACE SPECIFIC INFO is only used for Frame Relay interfaces and 
can be determined using the following: 

FR_PORT# : Q.922 ADDRESS 

Where the FR_PORT# specifies the label assigned to the virtual Frame 
Relay interface using four hexadecimal bytes. For example, a virtual Frame 
Relay interface labeled 1 would have a FR_PORT# of 00:00:00:01. 


The Q.922 ADDRESS field is populated using the following: 





DLCI (high order) C/R | EA 














DLCI (lower) FECN BECN DE | EA 





Where the FECN, BECN, C/R, DE, and high order EA bits are assumed 
to be 0 and the lower order extended address (EA) bit is set to 1. 


The following list provides a few example DLCls and associated Q.922 
address: DLC (decimal) / Q.922 address (hex) 


16 / 0x0401 
50 / 0x0C21 
60 / Ox0CC1 
70 / 0x1061 
80 / 0x1401 


By default, the host name is the name configured using the Global 
Configuration hostname command. 


Command was introduced. 
Command was expanded to include administrative distance. 
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Functional Notes 





DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on 
the network. Many Internet Service Providers (ISPs) require the use of DHCP when connecting to their 
services. Using DHCP reduces the number of dedicated IP addresses the ISP must obtain. Consult your 
ISP to determine the proper values for the client-id and hostname fields. 


Usage Examples 





The following example enables DHCP operation on the VLAN interface (labeled 1): 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip address dhcp 


The following example enables DHCP operation on the VLAN interface (labeled 1) utilizing hostname 
adtran and does not allow obtaining a default route, domain name, or nameservers. It also sets the 
administrative distance as 5: 


(config)#interface vlan 1 
(config-interface-vilan 1)#ip address dhcp hostname “adtran” no-default-route no-domain-name 
no-nameservers 5 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1940 


Command Reference Guide VLAN Interface Configuration Command Set 





ip dhcp 


Use the ip dhcp command to release or renew the DHCP IP address. This command is only applicable 
when using DHCP for IP address assignment. Variations of this command include: 


ip dhcp release 
ip dhcp renew 


Syntax Description 





release Releases DHCP IP address. 
renew Renews DHCP IP address. 


Default Values 





No default values required for this command. 


Command History 


Release 3.1 Command was introduced. 


Usage Examples 





The following example releases the IP DHCP address for the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip dhcp release 
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ip directed-broadcast 


Use the ip directed broadcast command to allow reception/forwarding of directed broadcasts. Use the no 
form of this command to disable this command. Variations of this command include: 


ip directed-broadcast 
ip directed-broadcast <name> 


Syntax Description 





<name> Specifies IP access control list name. 


default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





A directed broadcast is a packet intended for all nodes on a nonlocal network. For example, the broadcast 
address 255.255.255.255 reaches all nodes on a network; the directed broadcast address 128.1.255.255 
is intended for all nodes whose network address is 128.1.0.0. A router not directly attached to 128.1.0.0 
simply forwards the directed broadcast packet to the next hop. A router on network 128.1.0.0 that has ip 
directed-broadcast enabled, accepts and forwards the packet to all nodes whose network address is 
128.1.0.0. Routers connecting subnets of 128.1.0.0 also accept and forward the packet to the nodes on 
their respective subnets. When a directed broadcast packet reaches a router that is directly connected to 
its destination subnet, that packet is distributed as a broadcast on the destination subnet. The packet is 
then sent as a link-layer broadcast. 


The ip directed-broadcast command controls the distribution of directed broadcasts when they reach 
their target subnets. Only the final transmission of the directed broadcast on its ultimate destination subnet 
is affected. It does not affect the transit unicast routing of IP directed broadcasts. 


If ip directed-broadcast is enabled for this interface, incoming IP packets whose addresses identify them 
as directed broadcasts intended for the subnet to which this interface is attached will be forwarded as 
broadcasts on that subnet. Forwarding of the packets can be limited by specifying an access control list 
with this command. In this case, only directed broadcasts that are permitted by the specified access 
control list will be forwarded, and all other directed broadcasts directed to this interface subnet will be 
dropped. 


Disabling the ip directed-broadcast command will cause directed broadcasts destined for the subnet to 
which this interface is attached to be dropped. 


This option is a requirement for routers as described in RFC1812, section 4.2.2.11. Furthermore, it is 
disabled by default (RFC2644), with the intended goal of reducing the efficacy of certain types of 
denial-of-service attacks 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1942 


Command Reference Guide VLAN Interface Configuration Command Set 





Usage Examples 





The following example enables forwarding of directed broadcasts on the interface vlan 1: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip directed-broadcast 
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ip ffe 


Use the ip ffe command to enable the RapidRoute Engine (formerly FFE) on this interface with the default 
number of entries. Use the no form of these commands to disable the FFE. Variations of this command 
include: 


ip ffe max-entries <entries> 





‘ore Issuing this command will cause all FFE entries on this interface to be cleared. 





Syntax Description 





max-entries <entries> Specifies the maximum number of entries stored in the flow table. Valid 
range is from 1 to 8192. 


Default Values 





By default, the FFE is disabled. The default number of max-entries is 4096. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





The FFE can be used to help reduce routing overhead and thus reduce overall routing times. Routing 
times are reduced by the creation of a flow table on the ingress interface. The maximum number of entries 
that can be stored in the flow table at any one time may be specified by using the max-entries 
subcommand. When features such as firewall, VPN, and static filters are enabled, routing time reduction 
may not be realized. 


Usage Examples 





The following example enables the FFE and sets the maximum number of entries in the flow table to 50: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip ffe max-entries 50 
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Technology Review 





The RapidRoute system goal is to increase IP packet throughput by moving as much of the packet 
processing into the engine as possible. Packets are classified into flows based upon the IP protocol (TCP, 
UDP, ICMP, etc.), the source and destination IP addresses, IP TOS, and the protocol-specific information 
such as the source and destination port numbers. Flows are defined as the unidirectional representation of 
a conversation between two IP hosts. Each ingress interface keeps its own flow table, a collection of flow 
entries. 


The first packet in a flow that is forwarded through the unit will build a flow entry. When a flow entry is 
looked up but no entry is found, a RapidRouteBuilder object is allocated and attached to the packet. As the 
packet passes through the various processing layers, each subsystem will add processing to the 
RapidRouteBuilder. When packet is about to be forwarded out of the egress interface, the 
RapidRouteBuilder will be finalized. That is, the flow entry being built will be checked for completeness and 
committed to the flow table on the ingress interface. Subsequent flow matches can then bypass the normal 
processing layers. 
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ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the ip igmp static-group <address> command (on page 1949) to receive multicast traffic without 
host-initiated Internet Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all 
host-initiated IGMP transactions will enter multicast routes on the router’s interface involved with IGMP 
activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#vlan 2 
(config-interface-vlan 2)#ip mcast-stub fixed 
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ip helper-address <ip address> 


Use the ip helper-address command to configure AOS to forward User Datagram Protocol (UDP) 
broadcast packets received on the interface. Use the no form of this command to disable forwarding 
packets. 





The ip helper-address command must be used in conjunction with the ip forward-protocol 
‘ore command to configure AOS to forward UDP broadcast packets. Refer to ip 
forward-protocol udp <value> on page 724 for more information. 





Syntax Description 





<ijp address> Specifies the destination IP address for the forwarded UDP packets. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, broadcast UDP packets are not forwarded. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





When used in conjunction with the ip forward-protocol command, the ip helper-address feature allows 
you to customize which broadcast packets are forwarded. 


To implement the helper address feature, assign helper address(es) (specifying the device that needs to 
receive the broadcast traffic) to the interface closest to the host that transmits the broadcast packets. 
When broadcast packets (of the specified type forwarded using the ip forward-protocol command) are 
received on the interface, they will be forwarded to the device that needs the information. 


Only packets meeting the following criteria are considered eligible by the ip helper-address feature: 
1. The packet IP protocol is User Datagram Protocol (UDP). 

2. Any UDP port specified using the ip forward-protocol command. 

3. The media access control (MAC) address of the frame is an all-ones broadcast address (ffff.ffff. fff). 


4. The destination IP address is broadcast defined by all ones (255.255.255.255) or a subnet broadcast 
(for example, 192.33.4.251 for the 192.33.4.248/30 subnet). 
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Usage Examples 





The following example forwards all DNS broadcast traffic to the DNS server with IP address 192.33.5.99: 


(config)#ip forward-protocol udp domain 
(config)#interface vlan 1 
(config-interface-vlan 1)#ip helper-address 192.33.5.99 
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ip igmp 
Use the ip igmp command to configure multicasting-related functions for the interface. Variations of this 
command include: 


ip igmp immediate-leave 

ip igmp last-member-query-interval <milliseconds> 
ip igmp querier-timeout <seconds> 

ip igmp query-interval <seconds> 

ip igmp query-max-response-time <seconds> 

ip igmp static-group <address> 

ip igmp version [1 | 2] 


Syntax Description 


immediate-leave Specifies that if only one host (or IGMP snooping switch) is connected to 
the interface, when a leave is received, multicast of that group is 
immediately terminated as opposed to sending a group query and timing 
out the group if no device responds. Works in conjunction with ip igmp 
last-member-query-interval. Applies to all groups when configured. 
Use the no form of this command to disable the immediate-leave 
feature. 


last-member-query-interval Controls the timeout (in milliseconds) used to detect whether any group 

<milliseconds> receivers remain on an interface after a receiver leaves a group. If a 
receiver sends a leave-group message (IGMP Version 2), the router 
sends a group-specific query on that interface. After twice the time 
specified by this command plus as much as one second longer, if no 
receiver responds, the router removes that interface from the group and 
stops sending that group's multicast packets to the interface. Range is 
100 to 65,535 ms. Use the no form of this command to return to the 
default setting. 


querier-timeout <seconds> Specifies the interval (in seconds) that the router waits after the current 
querier’s last query before it takes over as querier (IGMP V2). Range is 
60 to 300 seconds. Use the no form of this command to return to the 
default setting. 


query-interval Specifies the interval (in seconds) at which IGMP queries are sent on an 

<seconds> interface. Host query messages are addressed to the all-hosts multicast 
group with an IP TTL of 1. The router uses queries to detect whether 
multicast group members are on the interface and to select an IGMP 
designated router for the attached segment (if more than one multicast 
router exists). Only the designated router for the segment sends queries. 
For IGMP V2, the designated router is the router with the lowest IP 
address on the segment. Range is 0 to 65,535 seconds. Use the no 
form of this command to return to the default setting. 


query-max-response-time Specifies the maximum response time (in seconds) advertised by this 

<seconds> interface in queries when using IGMP V2. Hosts are allowed a random 
time within this period to respond, reducing response bursts. Use the no 
form of this command to return to the default setting. 
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Syntax Description 


static-group <address> Configures the router's interface to be a statically-connected member of 
the specified group. Packets received on the correct RPF interface are 
forwarded to this interface regardless of whether any receivers have 
joined the specified group using IGMP. Use the no form of this command 
to remove a configured static group. 





version [1 | 2] Sets the interface’s IGMP version. Use the no form of this command to 
return to the default setting. 


Default Values 





ip igmp immediate-leave No default 

ip igmp last-member-query-interval 1000 milliseconds 

ip igmp querier-timeout 2x the query-interval value 
ip igmp query-interval 60 seconds 

ip igmp query-max-response-time 10 seconds 

ip igmp static-group No default 

ip igmp version Version 1 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example sets the query message interval on the interface to 200 milliseconds: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip igmp last-member-query-interval 200 
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ip mcast-stub downstream 
Use the ip mcast-stub downstream command to enable multicast forwarding and IGMP (router mode) on 


an interface, and to place it in multicast stub downstream mode. Use the no form of this command to 
disable. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub upstream commands. Downstream interfaces connect to segments 
with multicast hosts. Multiple interfaces may be configured in downstream mode; however, interfaces 
connecting to the multicast network (upstream) should not be configured in downstream mode. Interfaces 
configured as downstream should have the lowest IP address of all IGMP-capable routers on the 
connected segment in order to be selected as the designated router and ensure proper forwarding. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub upstream on page 1954 for 
more information. 


Usage Examples 





The following example enables multicast forwarding and IGMP on the interface: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip mcast-stub downstream 
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ip mcast-stub fixed 


Use the ip mcast-stub fixed command to allow forwarding of multicast traffic on a selected interface after 
enabling multicast routing. Use the no form of this command to disable this mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Multicast routing must be enabled prior to setting ip mcast-stub fixed on the selected interface. Also, use 
the ip igmp static-group </p address> command to receive multicast traffic without host-initiated Internet 
Group Management Protocol (IGMP) activity on the selected interface. Otherwise, all host-initiated IGMP 
transactions will enter multicast routes on the router’s interface involved with IGMP activities. 


Usage Examples 





The following example enables multicast traffic forwarding and IGMP on the interface: 


(config)#vlan 2 
(config-interface-vlan 2)#ip mcast-stub fixed 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1952 


Command Reference Guide VLAN Interface Configuration Command Set 





ip mcast-stub helper-enable 


Use the ip mcast-stub helper-enable command to assign the ip mcast-stub helper-address as the IGMP 
proxy. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 8.1 Command was introduced. 
Release 10.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address, ip mcast-stub upstream, and ip mcast-stub downstream commands. When enabled, 
the interface becomes a helper forwarding interface. The IGMP host function is dynamically enabled and 
the interface becomes the active upstream interface, enabling the unit to perform as an IGMP proxy. Refer 
to jp mcast-stub helper-address <ip address> on page 741, ip mcast-stub downstream on page 1951, and 
jp mcast-stub upstream on page 1954 for more information. 


Usage Examples 





The following example sets the helper address as the IGMP proxy: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip mcast-stub helper-enable 
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ip mcast-stub upstream 


Use the ip mcast-stub upstream command to enable multicast forwarding on an interface and place it in 
multicast stub upstream mode. Use the no form of this command to disable. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 7.1 Command was introduced. 


Functional Notes 





This command is used in IP multicast stub applications in conjunction with the ip mcast-stub 
helper-address and ip mcast-stub downstream commands. When enabled, the interface becomes a 
candidate to be a helper forwarding interface. If chosen as the best path toward the helper address by the 
router's unicast route table, the IGMP host function is dynamically enabled and the interface becomes the 
active upstream interface, enabling the router to perform as an IGMP proxy. Though multiple interfaces 
may be candidates, no more than one interface will actively serve as the helper forwarding interface. Refer 
to jp mcast-stub helper-address <ip address> on page 741 and ip mcast-stub downstream on page 1951 
for more information. 


Usage Examples 





The following example enables multicast forwarding on the interface: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip mcast-stub upstream 
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ip mtu <value> 


Use the ip mtu command to set the maximum transmission unit size (in bytes) for the VLAN interface. To 


reset to the default setting, use the no version of this command. 


Syntax Description 


<value> Specifies the MTU size in bytes. Range is 68 to 1,000,000 bytes. 


Default Values 





By default, this is set to 1500 bytes. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example configures the IP MTU for 2000 bytes: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip mtu 2000 
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ip ospf 


Use the ip ospf command to customize OSPF settings (if needed). Use the no form of these commands to 
return to the default settings. Variations of this command include: 


ip ospf authentication-key <password> 


ip ospf cost <value> 
ip ospf dead-interval <seconds> 
ip ospf hello-interval <seconds> 


ip ospf message-digest-key [1 | 2] md5 <key> 


ip ospf priority <value> 
ip ospf retransmit-interval <seconds> 
ip ospf transmit-delay <seconds> 


Syntax Description 





authentication-key <password> 


cost <value> 


dead-interval <seconds> 


hello-interval <seconds> 


message-digest-key [1 | 2] md5 <key> 


priority <va/ue> 


retransmit-interval <seconds> 


transmit-delay <seconds> 


Default Values 


dead-interval <seconds> 
hello-interval <seconds> 
retransmit-interval <seconds> 
transmit-delay <seconds> 


Assigns a simple-text authentication password to be used by 
other routers using the OSPF simple password authentication. 


Specifies the OSPF cost of sending a packet on the interface. 
This value overrides any computed cost value. Range is 
1 to 65,535. 


Sets the maximum interval (in seconds) allowed between hello 
packets. If the maximum is exceeded, neighboring devices will 
determine that the device is down. Range is 0 to 32,767 
seconds. 


Specifies the interval (in seconds) between hello packets sent 
on the interface. Range is 0 to 32,767 seconds. 


Configures OSPF Message Digest 5 (MD5) authentication 
(16-byte max) keys. 
Sets the OSPF priority. The value set in this field helps 


determine the designated router for this network. Range is 
0 to 255. 


Specifies the interval (in seconds) between link-state 
advertisements (LSAs). Range is 0 to 32,767 seconds. 


Sets the estimated time (in seconds) required to send an LSA 
on the interface. Range is 0 to 32,767 seconds. 


40 seconds 

10 seconds: Ethernet, point-to-point, Frame Relay, and PPP 
5 seconds 

1 second 
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Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of seconds allowed between hello packets to 25000: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip ospf dead-interval 25000 
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ip ospf authentication 


Use the ip ospf authentication command to authenticate an interface that is performing OSPF 
authentication. Use the no form of this command to return to the default setting. Variations of this 
command include: 


ip ospf authentication 
ip ospf authentication message-digest 
ip ospf authentication null 


Syntax Description 





message-digest Optional. Selects message-digest authentication type. 
null Optional. Specifies that no authentication is used. 


Default Values 





By default, this is set to null (meaning no authentication is used). 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example specifies that no authentication will be used on the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip ospf authentication null 
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ip ospf network 


Use the ip ospf network command to specify the type of network on this interface. Use the no form of this 
command to return to the default setting. Variations of this command include: 


ip ospf network broadcast 
ip ospf network point-to-point 


Syntax Description 





broadcast Sets the network type for broadcast. 
point-to-point Sets the network type for point-to-point. 


Default Values 





By default, Ethernet defaults to broadcast. PPP and Frame Relay default to point-to-point. 


Command History 


Release 3.1 Command was introduced. 


Functional Notes 





A point-to-point network will not elect designated routers. 


Usage Examples 


The following example designates a broadcast network type: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip ospf network broadcast 
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ip pim sparse-mode 


Use the ip pim sparse-mode command to enable protocol-independent multicast (PIM) sparse mode for 
this interface. Use the no form of this command to disable PIM sparse mode. 


Syntax Description 


No subcommanads. 


Default Values 





By default, PIM sparse mode for this interface is disabled. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table. It builds 
unidirectional shared trees rooted at a Rendezvous Point (RP) for a multicast group or a shortest-path tree 
rooted at a specific source for a multicast group. 


Usage Examples 





The following example enables PIM sparse mode on the interface: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip pim sparse-mode 
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ip pim-sparse dr-priority <va/ue> 
Use the ip pim-sparse dr-priority command to specify the priority for the designated router (DR). This 


command modifies the routers priority in the DR election process. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Specifies the priority of this interface (to be used when determining the DR). 
Valid range is 1 to 4294967295. 


Default Values 





By default, the priority of all PIM interfaces is 1. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Interfaces advertise their configured priority values in the hello messages transmitted on the interface. 
Routers use the priority values to determine the appropriate DR. The router on the network segment with 
the highest priority is selected as the DR. If a hello message is received on the interface from a router on 
the network segment and it does not contain a priority, the entire network segment defaults to DR selection 
based on IP addresses instead of priority. In this instance, the DR is selected as the router on the network 
segment that has the highest IP address. AOS will always include a priority in all transmitted hello 
messages. If no priority is specifically designated by the user, the priority is set as the default of 1. 


Usage Examples 





The following example specifies a priority of 100 on the VLAN 1 interface: 


(config)#interface vlan 1 
(config-interface-vian 1)#ip pim-sparse dr-priority 100 
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ip pim-sparse hello-timer <va/ue> 
Use the ip pim-sparse hello-timer command to specify protocol-independent multicast (PIM) sparse hello 


timer period. This is the time interval at which periodic hellos are sent out on all interfaces of a 
PIM-capable router. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the interval (in seconds) at which periodic hellos are sent out of 
the interface. Valid range is 10 to 3600 seconds. 


Default Values 





By default, the hellos are transmitted on PIM interfaces every 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Hello messages are used to inform neighbors of a router’s presence. Hello messages normally generate a 
small amount of traffic on an interface. Setting the hello-timer to a small interval increases the number of 
hellos sent (thus increasing the amount of traffic). Set the hello-timer to a reasonable value, taking into 
consideration the bandwidth available on the interface. 


Usage Examples 





The following example specifies hellos be sent on the VLAN 1 interface every 3600 seconds: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip pim-sparse hello-timer 3600 
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ip pim-sparse nbr-timeout <va/ue> 
Use the ip pim-sparse nbr-timeout command to specify protocol-independent multicast (PIM) sparse 


neighbor timeout. This is the time interval after which a PIM-capable router will consider a neighbor not 
present. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the time interval in seconds after which a neighbor is considered 
not present. Valid range is 30 to 10800 seconds. 


Default Values 





By default, the nbr-timeout is set to 105 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the nbr-timeout to 300 seconds: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip pim-sparse nbr-timeout 300 
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ip pim-sparse override-interval <va/ue> 
Use the ip pim-sparse override-interval command to specify the protocol-independent multicast (PIM) 


sparse join/prune override interval. This delay interval is the period after a join/prune that another router on 
the LAN may override a join/prune. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the delay time in milliseconds. Valid range is 0 to 
65535 milliseconds. 


Default Values 





By default, the override-interval is set to 2500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the override-interval to 3000 milliseconds: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip pim-sparse override-interval 3000 
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ip pim-sparse propagation-delay <va/ue> 
Use the ip pim-sparse propagation-delay command to specify the expected propagation delay for 


join/prune messages. Set the propagation delay (in milliseconds) to estimate the amount of delay found in 
the local link. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the expected propagation delay in the local link in milliseconds. 
Valid range is 0 to 32767 milliseconds. 


Default Values 





By default, the propagation delay is set to 500 milliseconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the propagation delay to 300 milliseconds: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip pim-sparse propagation-delay 300 
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ip proxy-arp 


Use the ip proxy-arp command to enable proxy Address Resolution Protocol (ARP) on the interface. Use 
the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, proxy ARP is enabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





In general, the principle of proxy ARP allows a router to insert its IP address in the source IP address field 
of a packet (if the packet is from a host on one of its subnetworks). This allows hosts to reach devices on 
other subnetworks without implementing routing or specifying a default gateway. 


If proxy ARP is enabled, AOS will respond to all proxy ARP requests with its specified MAC address and 
forward packets accordingly. 


Enabling proxy ARP on an interface may introduce unnecessary ARP traffic on the network. 


Usage Examples 





The following enables proxy ARP on the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip proxy-arp 
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ip rip receive version 


Use the ip rip receive version command to configure the RIP version the unit accepts in all RIP packets 
received on the interface. Use the no form of this command to restore the default value. Variations of this 
command include: 


ip rip receive version 1 
ip rip receive version 2 


Syntax Description 





1 Accepts only RIP version 1 packets received on the interface. 
2 Accepts only RIP version 2 packets received on the interface. 


Default Values 





By default, all interfaces implement RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use the ip rip receive version command to specify a RIP version that overrides the version (in the 
Router RIP) configuration. Refer to version on page 2238 for more information. 


AOS only accepts one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the VLAN interface to accept only RIP version 2 packets: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip rip receive version 2 
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ip rip send version 


Use the ip rip send version command to configure the RIP version the unit sends in all RIP packets 
transmitted on the interface. Use the no form of this command to restore the default value. Variations of 
this command include: 


ip rip send version 1 
ip rip send version 2 


Syntax Description 





1 Transmits only RIP version 1 packets on the interface. 
2 Transmits only RIP version 2 packets on the interface. 


Default Values 





By default, all interfaces transmit RIP version 1 (the default value for the version command). 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





Use the ip rip send version command to specify a RIP version that overrides the version (in the Router 
RIP) configuration. Refer to version on page 2238 for more information. 


AOS only transmits one version (either 1 or 2) on a given interface. 


Usage Examples 





The following example configures the VLAN interface to transmit only RIP version 2 packets: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip rip send version 2 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1968 


Command Reference Guide VLAN Interface Configuration Command Set 





ip rip Summary-address </p address> <subnet mask> 
Use the ip rip summary-address command to manually summarize the routes Routing Information 


Protocol (RIP) will advertise and send out a specified interface. Use the no form of this command to 
disable this mode. 


Syntax Description 





<ijpp address> Specifies the summarized network IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.0). 

<subnet mask> Specifies the subnet mask that corresponds to the range of IP addresses 
(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, no manual summarization is applied by RIP. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 





Unlike the automatic summarization on classful network boundaries, only specific network advertisements 
are made by RIP using the ip rip summary-address command. This command is only effective if RIP 
version 2 is configured. 


Usage Examples 





The following example enables manual summarization on the specified IP address: 


(config)#interface vian 1 
(config-interface-vlan 1)#ip rip summary-address 10.10.123.0 255.255.255.0 
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ip route-cache 


Use the ip route-cache command to enable fast-cache switching on the interface. Use the no form of this 
command to disable fast-cache switching and return to process switching mode. 





requires process switching mode (using the no ip route-cache command). 


Wo Using Network Address Translation (NAT) or the AOS firewall capabilities on an interface 





Syntax Description 





No subcommanas. 


Default Values 


By default, fast-cache switching is enabled on all Ethernet and virtual Frame Relay subinterfaces. IP route 
cache is enabled for all virtual PPP interfaces. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 


Fast switching allows an IP interface to provide optimum performance when processing IP traffic. 


Usage Examples 





The following example enables fast switching on the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip route-cache 
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ip unnumbered </nterface> 
Use the ip unnumbered command to use the IP address assigned to the specified interface for all IP 


processing on the active interface. Use the no form of this command to remove the unnumbered 
configuration. 


Syntax Description 





<interface> Specifies the interface that contains the IP address to use as the source 

address for all packets transmitted on this interface. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for 
aT1 interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora 
PPP interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type ip unnumbered ? 
for a list of valid interfaces. 


Default Values 





By default, all interfaces are configured to use a specified IP address (using the ip address commana). 


Command History 





Release 1.1 Command was introduced 
Release 11.1 Command was expanded to include demand interfaces. 


Functional Notes 





If ip unnumbered is enabled on an interface, all IP traffic from the interface will use a source IP address 
taken from the specified interface. For example, specifying ip unnumbered eth 0/1 while in the Frame 
Relay subinterface Configuration mode configures the Frame Relay subinterface to use the IP address 
assigned to the Ethernet interface for all IP processing. In addition, AOS uses the specified interface 
information when sending route updates over the unnumbered interface. 


Usage Examples 





The following example configures the VLAN interface (labeled vlan 1) to use the IP address assigned to 
the Ethernet interface (eth 0/1): 


(config)#interface vlan 1 
(config-interface-vilan 1)#ip unnumbered eth 0/1 
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ip urlfilter <name> 


Use the ip urlfilter command to apply a URL filter to the interface for all inbound or outbound traffic. Use 
the no form of this command to remove the URL filter from an interface. Variations of this command 
include: 


ip urlfilter <name> in 
ip urlfilter <name> out 


Syntax Description 





<name> Specifies the URL filter name to use on the interface. 
in Applies the filter to the inbound traffic. 
out Applies the filter to the outbound traffic. 


Default Values 





By default, there are no URL filters applied to any interfaces. 


Command History 





Release 12.1 Command was introduced. 
Release 14.1 Command was expanded to include VLAN interfaces. 


Functional Notes 





The firewall must be enabled using the ip firewall command in order to use URL filters. The URL filter 
must be created by using the ip urlfilter <name> http command before applying it to the interface. Refer 
to jp urlfilter <name> http on page 830 for more information on using this command. 


Usage Example 





The following example performs URL filtering on all traffic entering through the VLAN interface and 
matches the URL filter named MyFilter: 


(config)#interface vlan 1 
(config-interface-vian 1)#ip urlfilter MyFilter in 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1972 


Command Reference Guide VLAN Interface Configuration Command Set 





ip vrf forwarding <name> 


Use the ip vrf forwarding command to assign an interface to a specific VRF instance. Use the no form of 
the command to remove the interface from the named VRF instance and assign it to the unnamed default 
VRF. 





Keep in mind that changing an interface’s VRF association will clear all IP related 
UT settings on that interface. 





VPN Routing and Forwarding (VRF) on an AOS product allows a single physical router to 
be partitioned into multiple virtual routers. Each router instance has its own route table 
and interface assignments. Beginning with Release 16.1, all AOS routers supporting 

‘ore multiple VRF instances (multi-VRF) have an unnamed default VRF instance regardless of 
whether multi-VRF is configured. Therefore, executing the above mentioned commands 
without specifying a VRF will affect the default unnamed VRF.- 





Syntax Description 





<name> Specifies the name of the VRF in which to assign the interface. 


Default Values 


By default, interfaces are associated with the default VRF which is unnumbered. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 


VRF instances must be created first before an interface can be assigned. An interface can only be 
assigned to one VRF but multiple interfaces can be assigned to the same VRF. 


An interface will only forward |P-traffic that matches its associated VRF. 


Usage Examples 





The following example assigns the vlan 1 interface to the VRF instance named RED: 


(config)#interface vlan 1 
(config-interface-vlan 1)#ip vrf forwarding RED 
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mac-address <mac address> 


Use the mac-address command to specify the Media Access Control (MAC) address of the VLAN 
interface. Only the last three values of the MAC address can be modified. The first three values contain the 
ADTRAN reserved number (00:0A:C8) by default. Use the no form of this command to return to the 
default MAC address programmed by ADTRAN. 


Syntax Description 





<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in following format xx:xx:xx:Xx:xx:xx (for example, 00:A0:C8:00:00:01). 


Default Values 





A unique default MAC address is programmed in each unit shipped by ADTRAN. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 
The following example configures a MAC address of 00:0A:C8:5F:00:D2: 


(config)#interface vlan 1 
(config-interface-vian 1)#mac-address 00:0A:C8:5F:00:D2 
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max-reserved-bandwidth <va/ue> 


Use the max-reserved-bandwidth command to specify the percentage of interface bandwidth reserved for 
use in user-defined (priority or class-based) queues. The remainder of the interface bandwidth is reserved 
for system critical traffic and is not available to user-defined queues. Use the no form of this command to 
restore the default values. 





proper operation. Specifying the entire interface bandwidth for use in user-defined queues 
can cause undesirable operation. 


Reserving a portion of the interface bandwidth for system critical traffic is necessary for 
cmon 





Syntax Description 





<value> Specifies the maximum percentage of bandwidth to reserve for QoS. This 
setting is configured as a percentage of the total interface speed. Range is 
1 to 100 percent. 


Default Values 





By default, max-reserved-bandwidth is set to 75 percent, which reserves 25 percent of the interface 
bandwidth for system critical traffic. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies 85 percent of the bandwidth on the VLAN 1 interface be available for use 
in user-defined queues: 


(config)#interface vlan 1 
(config-interface-vilan 1)#max-reserved-bandwidth 85 
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media-gateway ip 


Use the media-gateway ip command to associate an IP address source to use for RTP traffic. When 
configuring VoIP, RTP traffic needs an IP address to be associated with it. However, some interfaces allow 
“dynamic” configuration of IP addresses, and thus, this value could change periodically. Use the no form 
of these commands to disable these functions. Variations of this command include: 


media-gateway ip loopback <ip address> 
media-gateway ip primary 
media-gateway ip secondary <ip address> 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


loopback Use an IP address statically defined to a loopback interface. Helpful when 
using a single IP address across multiple WAN interfaces for RTP traffic. 


primary Use the IP address that is configured as primary on this interface. Applies to 
static, DHCP, or negotiated addresses. 


secondary <ip-address> Use the statically defined secondary IP address of this interface to be used 
for RTP traffic. 


Default Values 


By default, media-gateway ip is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example configures the unit to use the primary IP address for RTP traffic: 


(config)#interface vlan 1 
(config-interface-vlan 1)#media-gateway ip primary 
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qos-policy 


Use the qos-policy command to apply a previously-configured Quality of Service (QoS) map to incoming 
or outgoing packets on an interface. Use the no form of this command to remove the map from the 
interface. Variations of this command include: 


qos-policy in <name> 
qos-policy out <name> 


Syntax Description 





<name> Specifies the name of a previously-created QoS map (refer to gos map 
<name> <number> on page 890 for more information). 

in Assigns a QoS map to this interface's input. 

out Assigns a QoS map to this interface's output. 


Default Values 





No default value is necessary for this command. 


Command History 


Release 6.1 Command was introduced. 
Release 15.1 Command was expanded to include in option. 


Functional Notes 


When a QoS policy is applied to an interface, it may be disabled if the interface bandwidth is not adequate 
to support the requested bandwidth on the map set. Once the bandwidth problem is resolved, the map will 
work again. The bandwidth will be rechecked on any of the following changes: 


1. A priority or class-based entry is added to, deleted from, or changed in a QoS map set. 
2. The interface bandwidth is changed by the bandwidth command on the interface. 

3. A QoS policy is applied to an interface. 

4. A cross-connect is created that includes an interface with a QoS policy. 

5. The interface queuing method is changed to fair-queue to use weighted fair queuing. 

6. The interface operational status changes. 

7. The interface bandwidth changes for other reasons (e.g., when ADSL finishes training). 


In order to prevent the map from being disabled in cases of temporary inadequate bandwidth (e.g., a single 
link goes down in a dual T1 multilink configuration where the map requests more than one T1's worth of 
bandwidth), the QoS map uses the maximum theoretical bandwidth on an interface, not the actual 
bandwidth at that time. This actually helps QoS keep higher priority class-based traffic working better than 
best-effort traffic when the bandwidth drops. 
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Usage Examples 





The following example applies the QOS map VOICEMAP to the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vian 1)#qos-policy out VOICEMAP 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VQM is enabled on all WAN and LAN interfaces. 





Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vilan 1)#rtp quality-monitoring 
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snmp trap 


Use the snmp trap command to enable all supported Simple Network Management Protocol (SNMP) 
traps on the interface. Use the no form of this command to disable this trap. 


Syntax Description 


No subcommanas. 


Default Values 





By default, all interfaces (except virtual Frame Relay interfaces and subinterfaces) have SNMP traps 
enabled. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include port channel and VLAN interfaces. 

Release 8.1 Command was expanded to the ATM interface. 

Release 16.1 Command was expanded to the tunnel interface. 


Usage Examples 





The following example enables SNMP capability on the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vian 1)#snmp trap 
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snmp trap link-status 
Use the snmp trap link-status command to control the Simple Network Management Protocol (SNMP) 


variable ifLinkUpDownTrapEnable (RFC 2863) to enable (or disable) the interface to send SNMP traps 
when there is an interface status change. Use the no form of this command to disable this trap. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the ifLinkUpDownTrapEnable OID is set to enabled for all interfaces except virtual Frame Relay 
interfaces. 


Command History 





Release 1.1 Command was introduced. 

Release 5.1 Command was expanded to include Ethernet subinterfaces and Gigabit 
Ethernet interfaces. 

Release 6.1 Command was expanded to include E1, port channel, T3, and VLAN 
interfaces. 

Release 7.1 Command was expanded to the HSSI interface. 

Release 8.1 Command was expanded to the ATM interface. 

Release 9.1 Command was expanded to the HDLC interface. 

Release 11.1 Command was expanded to the demand interface. 

Release 16.1 Command was expanded to the tunnel interface. 

Release 17.2 Command was expanded to the cellular interface. 


Functional Notes 





The snmp trap link-status command is used to control the RFC 2863 ifLinkUpDownTrapEnable OID (OID 
number 1.3.6.1.2.1.31.1.1.1.14.0). 


Usage Examples 





The following example disables the link-status trap on the VLAN interface: 


(config)#interface vlan 1 
(config-interface-vian 1)#no snmp trap link-status 
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traffic-shape rate <value> 


Use the traffic-shape rate command to specify and enforce an output bandwidth for the VLAN interface. 
Use the no form of this command to disable this feature. Variations of this command include: 


traffic-shape rate <va/lue> 
traffic-shape rate <va/ue> <burst> 


Syntax Description 





<value> Specifies the rate (in bits per second) at which the interface should be shaped. 


<burst> Optional. Specifies the allowed burst in bytes. By default, the burst is 
specified as the rate divided by 5 and represents the number of bytes that 
would flow within 200 ms. 


Default Values 





By default, traffic-shape rate is disabled. 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 





Traffic shaping can be used to limit the VLAN interface to a particular rate or to specify use of QoS. 


Usage Examples 





The following example sets the outbound rate of vlan 1 to 128 kbps and applies a QoS policy that gives all 
RTP traffic priority over all other traffic: 


config)#qos map voip 1 

config-qos-map)#match ip rtp 10000 10500 all 
config-qos-map)#priority unlimited 
config-qos-map)#interface vian 1 
config-interface-vlan 1)#traffic-shape rate 128000 
config-interface-vlan 1)#qos-policy out voip 


am nn an = = 
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vrrp <number> 


Use the vrrp command to configure Virtual Router Redundancy Protocol (VRRP) routers within a router 
group. Use the no form of the command to remove the VRRP router’s configurations. Variations of this 


command include: 


vrrp <number> description <text> 


vrrp <number> ip <address> 


vrrp <number> ip <address> secondary 


vrrp <number> preempt 


vrrp <number> preempt delay minimum <time> 
vrrp <number> priority </evel> 


vrrp <number> shutdown 


vrrp <number> startup-delay <delay> 
vrrp <number> timers advertise <interval> 


vrrp <number> timers learn 


vrrp <number> track <name> 


vrrp <number> track <name> decrement <value> 


Syntax Description 


<number> 


description <text> 
ip <address> 


secondary 
preempt 

delay minimum <time> 
priority </evel> 


shutdown 
startup-delay <delay> 


timers 
advertise <interval> 


learn 


track <name> 


Specifies the VRRP router group’s virtual router ID (VRID) number. Range 
is 1 to 255. 


Specifies the textual description of the VRRP router within the group. 


Specifies the IP address to be used by the VRRP router. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 


Optional. Specifies the entry of an additional VRRP router supported IP 
address. 


Allows a VRRP router to preempt the current master router if its priority level 
is higher than the current master’s. 


Optional. Specifies a delay (in seconds) before the specified router will 
attempt to preempt the current master router. Range is 0 to 255 seconds. 


Specifies the configured priority level of the VRRP router. Level range is 1 to 
254. 


Disables the VRRP router. 


Specifies a time delay (in seconds) before a VRRP router becomes active. 
Range is 0 to 255 seconds. 


Specifies the configuration of the VRRP timers. 

Specifies the time (in seconds) between advertisements sent by the master 
router. Range is 1 to 255 seconds. 

Specifies that the backup VRRP router learns the advertisement interval of 
the master router. 

Specifies a change in priority level of the VRRP router based upon the 
specified track. 
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decrement <value> Optional. Specifies the numerical amount to decrement the VRRP’s priority 
level if the track transitions to a FAIL state. Decrement value range is 1 to 
254. 


Default Values 
By default, VRRP is enabled. 





By default, a VRRP router will preempt with no additional delay. 


The default configured priority for a VRRP router that is either a backup router or not the IP address owner 
is 100. The default actual priority of a VRRP router that is the IP address owner is 255. 


By default, startup-delay is enabled with a default value of 35 seconds. 
By default, the advertisement interval is 1 second. 


By default, the default decrement value is 10. 


Command History 





Release 16.1 Command was introduced. 


Functional Notes 





A VRRP router may be part of more than one virtual router group. Although VRRP group VRIDs can be 
numbered between 1 and 255, only two VRRP routers per interface are supported. 


It is recommended that the timers advertise setting is kept at the default value. If it is necessary to change 
this setting, ensure that all VRRP routers are configured with the new value, as all VRRP routers in the 
virtual group must have the same advertisement interval value. It is also recommended that if the timers 
learn function is enabled on one router in a virtual router group, then the timers learn function should be 
enabled on all routers in the group. 


When the virtual router’s specified IP address is independent of the IP addresses assigned to real 
interfaces on the VRRP routers, there is no IP address owner. This addressing method is preferred if 
object tracking will be used to monitor the network connection. The IP address used for the virtual router 
must be on the same subnet as either the primary or secondary IP addresses assigned to the VRRP 
router’s real interface. 


A track must be created before the vrrp track command can be issued. Refer to the Network Monitor 
Track Configuration Command Set on page 2185 for more information on creating tracks. If a VRRP router 
owns the virtual router IP address, then the VRRP router’s priority level cannot be decremented as a result 
of the track command. If object tracking will be used, it is important that no VRRP router own the virtual 
router IP address. 


Usage Examples 





The following example describes a VRRP router within virtual router group 1 as the Default Master 
Router: 


(config)#interface vlan 1 
(config-interface-vilan 1)#vrrp 1 description Default Master Router 
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The following example specifies an IP address of 10.0.0.1 for a VRRP router within virtual router group 1: 
(config)#interface vlan 1 

(config-interface-vlan 1)#vrrp 1 ip 10.0.0.1 

The following example specifies that the VRRP router within virtual router group 1 preempts the current 
master router after a 30 second delay: 

(config)#interface vlan 1 

(config-interface-vlan 1)#vrrp 1 preempt delay minimum 30 

The following example specifies the configured priority for the VRRP router within virtual router group 1 is 
254: 

(config)#interface vlan 1 

(config-interface-vlan 1)#vrrp 1 priority 254 

The following example disables the VRRP router within virtual router group 1: 

(config)#interface vlan 1 

(config-interface-vian 1)#vrrp 1 shutdown 

The following example configures a VRRP router on group 1 to delay 45 seconds before becoming active: 


(config)#interface vlan 1 
(config-interface-vlan 1)#vrrp 1 startup-delay 45 
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WIRELESS INTERFACE COMMAND SETS 


This section includes the following command sets: 


¢ AP Interface Configuration Command Set on page 1987 
¢ Radio Interface Configuration Command Set on page 2004 
¢ VAP Interface Configuration Command Set on page 2028 
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AP INTERFACE CONFIGURATION COMMAND SET 


The Access Point Interface Configuration command set is used to configure wireless access points (APs) 
connecting to an AOS platform running the ADTRAN Wireless Control Protocol (AWCP). The AP is 
either a physical standalone unit (such as the NetVanta 150) or integrated within an AOS platform via a 
module, also known as an Embedded Access Point Module (EAPM). 


Enter the interface dotllap command at the Global Configuration mode prompt to activate the AP 
Interface Configuration mode. For example: 


>enable 

#configure terminal 
(config#)interface dot11ap 1 
(config-doti1ap 1)# 





Additional steps must be performed before the AP is ready for connectivity. The radio-level 
settings are configured using the Radio Interface Configuration Command Set on page 

‘one 2004. The virtual access point (VAP) settings are configured using the VAP Interface 
Configuration Command Set on page 2028. 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 


interface on page 52 
All other commands for this command set are described in this section in alphabetical order. 


access-point controller-standby on page 1989 
access-point mac-address <mac address> on page 1990 
association access-list <name> on page 199] 
country-region on page 1992 

encapsulation 802.1q on page 1994 

ethernet-speed on page 1996 

event-history on page 1997 

full-duplex on page 1998 

half-duplex on page 1999 

ip address <ip address> <subnet mask> on page 2000 
ip default-gateway <ip address> on page 2001 
location <name> on page 2002 
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name <name> on page 2003 
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access-point controller-standby 
Use the access-point controller-standby command to release wireless access controller (AC) control of 


the wireless access point (AP). This command will cause the AC to stop responding to echo requests from 
the AP, thus releasing control of the AP. Use the no form of this command to disable this command. 


Syntax Description 





No subcommands necessary for this command. 


Default Values 





By default, controller-standby mode is disabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example enables controller-standby mode for this AP interface: 


(config)#interface dot11ap 1 
(config-dot11ap 1)#access-point controller-standby 
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access-point mac-address <mac address> 


Use the access-point mac-address command to specify the MAC address of the physical wireless access 
point (AP) Ethernet interface. Use the no form of this command to delete the MAC address of the AP. 


Syntax Description 


<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in following format xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01). 


Default Values 





No default necessary for this command. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





This command binds the wireless access controller (AC) to the AP. Without specifying the MAC address, 
the AC cannot control the AP. 


Usage Examples 
The following example configures an AP MAC address of 00:0A:C8:5F:00:D2: 





(config)#interface dot11ap 1 
(config-doti1ap 1)#access-point mac-address 00:0A:C8:5F:00:D2 
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association access-list <name> 


Use the association access-list command to specify a MAC address filter. This filter will only allow 
access to specific wireless clients. A MAC Access Control List (ACL) must be created before it can be 
associated with this wireless access point (AP). Refer to mac access-list standard <name> on page 861 for 
more information. Use the no form of this command to remove an associated MAC ACL from this AP. 


Syntax Description 





<name> Specifies the name of the previously created MAC ACL. 


Default Values 
By default, no MAC ACLs are associated with an AP. 





Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example will configure this AP to use the MAC ACL named allowlist as a filter for allowing 
access: 


(config)#interface dot11ap 1 
(config-dot11ap 1)#association access-list allowlist 
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country-region 


Use the country-region command to specify the country region or domain where the wireless access point 
(AP) is being used so that the radio can modify its settings to conform to that country’s regulations. Use the 


no form of this command to return to the default value. Variations of this command include: 


country-region Asia 
country-region Australia 
couniry-region Canada 
country-region Denmark 
country-region Europe 
country-region Finland 
country-region France 
counitry-region Germany 
country-region Ireland 
country-region Italy 
country-region Japan 
country-region Mexico 
country-region Netherlands 
country-region New_Zealand 
country-region Norway 
country-region Puerto_Rico 
counitry-region South_America 
couniry-region Spain 
couniry-region Sweden 
couniry-region Switzerland 
country-region UK 
couniry-region USA 


Syntax Description 





Asia Specifies Asia configuration. 
Australia Specifies Australia configuration. 
Canada Specifies Canada configuration. 
Denmark Specifies Denmark configuration. 
Europe Specifies Europe configuration. 
Finland Specifies Finland configuration. 
France Specifies France configuration. 
Germany Specifies Germany configuration. 
Ireland Specifies Ireland configuration. 
Italy Specifies Italy configuration. 
Japan Specifies Japan configuration. 
Mexico Specifies Mexico configuration. 


Netherlands 


Specifies Netherlands configuration. 
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New_Zealand Specifies New Zealand configuration. 
Norway Specifies Norway configuration. 
Puerto_Rico Specifies Puerto Rico configuration. 
South_America Specifies South America configuration. 
Spain Specifies Spain configuration. 
Sweden Specifies Sweden configuration. 
Switzerland Specifies Switzerland configuration. 
UK Specifies UK configuration. 

USA Specifies USA configuration. 


Default Values 





By default, the country-region is set to USA. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example sets the country of operation to Norway: 


(config)#interface dot11ap 1 
(config-dot11ap 1)#country-region Norway 
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encapsulation 802.1q 


Use the encapsulation 802.1q command to set the wireless access point (AP) for virtual local area 
network (VLAN) encapsulation 802.1q mode. This will apply VLAN tags to the user traffic. Use the no 
form of this command to disable VLAN encapsulation. Variations of this command include: 


encapsulation 802.1q 
encapsulation 802.1q awcp-vlan <vian id> native 
encapsulation 802.1q awcp-vlan <vi/an id> native priority </evel> 


Syntax Description 





awcp-vian <vian id> Optional. Specifies an existing VLAN to be used for ADTRAN Wireless 
Control Protocol (AWCP) connection. Valid range is 1 to 4096. For more 
information on creating a VLAN refer to VLAN Interface Configuration 
Command Set on page 1926. 


native Enables native mode for the specified VLAN. Packets from this VLAN 
leaving the interface will not be tagged with the VLAN number. Any 
untagged packets received by the interface are considered a part of the 
native VLAN ID. Only one VLAN may be set to native. To change where the 
native VLAN resides, the current native must be disabled using the no 
version of this command before a new one is set. 


priority Optional. Specifies the 802.1q priority level for AWCP packets generated by 
this AP when VLAN tags are applied. Valid range is 1 to 7, with 1 being the 
highest priority. 


Default Values 





By default, encapsulation 802.1q is disabled on the AP. 


Command History 





Release 6.1 Command was introduced. 
Release 15.1 Command was expanded to include the AP interface. 


Functional Notes 


Settings (including encapsulation, VLAN, and native VLAN) for the AP's Ethernet interface must be 
coordinated with the physical interface to which the AP is connected. 


Since all functions on an AP use the same Ethernet interface, there should be only one VLAN ID set to 
native on the entire AP. It is possible that a VLAN can be used on a virtual access point (VAP) and for the 
AWCP protocol on the AP’s Ethernet, but this is not typical. Typically, the control protocol will use the 
native VLAN and the VAP’s data will all be tagged on the Ethernet. 


This means that one VLAN on one radio's VAP may be set to native or the control protocol (AWCP) VLAN 
may be set to native but not both unless they both use the same VLAN ID. Typically the control protocol 
will use the native VLAN. 
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If the control protocol and a VAP share the same VLAN ID, control protocol packets will be intercepted by 
the AP while non-control protocol packets will be forwarded to the VAP. 


If the AP is to be in trunk mode and the AWCP VLAN is not the native VLAN for the trunk, care must be 
exercised in transitioning the AP and switch port from access port (non-trunk) mode. The AP should be 
configured first, then the switch port set to match. When transitioning the AP, set its AWCP VLAN first, then 
enable trunking mode (encapsulation 802.1q). If the AWCP VLAN is the native VLAN on the AP and 
switch, AWCP communication will not be lost no matter what combination of trunk mode settings is 
applied. 


Usage Examples 





The following example enables encapsulation 802.1q on this AP and makes VLAN 1 the native VLAN: 


(config)#interface dot11ap 1 
(config-dot11ap 1)#encapsulation 802.1q awcp-vlian 1 native 
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ethernet-speed 


Use the ethernet-speed command to configure the speed of the wireless access point’s (AP) Ethernet 
interface. Use the no form of this command to return to the default value. Variations of this command 
include: 


ethernet-speed 10 
ethernet-speed 100 
ethernet-speed auto 





or This command is not available for the embedded AP module (EAPM). For the EAPM, the 


Ethernet speed is fixed at 100 Mbps. 





Syntax Description 





10 Configures the AP's Ethernet speed for 10 Mbps. 
100 Configures the AP's Ethernet speed for 100 Mbps. 
auto Configures the AP's Ethernet speed for auto negotiation. 


Default Values 





By default, the ethernet-speed is set to auto. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example set the AP’s Ethernet speed to 10 Mbps: 


(config)#interface dot11ap 1 
(config-dot11ap 1)#ethernet-speed 10 
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event-history 


Use the event-history command to configure the wireless access point (AP) to transmit log messages to 
the wireless access controller (AC) via the control protocol. The AC will then integrate these messages into 
the AC’s event subsystem for local display, history, or syslog forwarding. Use the no form of this 
command to terminate log messages. Variations of this command include: 


event-history on 
event-history priority </eve/> 


Syntax Description 





on Enables the AP to send log messages to the AC. 


priority </evel> Sets the minimum priority level of messages sent to the AC. This setting is 
provided on a per-AP basis so that the user can control the level of logging 
traffic that will occur on their network. The levels are: 1 (Alert), 2 (Critical), 
3 (Error), 4 (Warning), 5 (Notice), 6 (Informational). 


Default Values 





By default, event history transmission is disabled and the priority level is 3. This means that messages with 
levels 1 through 3 will be sent, and messages with level 4 through 6 will not be sent. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example changes the minimum priority level of the log messages sent to the AC to 6. This 
will send all log messages to the AC: 


(config)#interface dot11ap 1 
(config-dot11ap 1)#event-history priority 6 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 1997 


Command Reference Guide AP Interface Configuration Command Set 





full-duplex 


Use the full-duplex command to configure the wireless access point (AP) Ethernet interface for 
full-duplex operation. This allows the interface to send and receive simultaneously. Use the no form of this 
command to return to the default half-duplex operation. 





Wor This command is not available for the embedded AP module (EAPM). The EAPM is fixed 


at full-duplex operation. 





Syntax Description 





No subcommanas. 


Default Values 


By default, all AP Ethernet interfaces are configured for half-duplex operation. 


Command History 





Release 15.1 Command was introduced for the AP interface. 


Functional Notes 


Full-duplex Ethernet is a variety of Ethernet technology currently being standardized by the IEEE. Because 
there is no official standard, vendors are free to implement their independent versions of full-duplex 
operation. Therefore, it is not safe to assume that one vendor’s equipment will work with another. 


Devices at each end of a full-duplex link have the ability to send and receive data simultaneously over the 
link. Theoretically, this simultaneous action can provide twice the bandwidth of normal (half-duplex) 
Ethernet. To deploy full-duplex Ethernet, each end of the link must only connect to a single device. With 
only two devices on a full-duplex link, there is no need to use the medium access control mechanism (to 
share the signal channel with multiple stations) and listen for other transmissions or collisions before 
sending data. 


Usage Examples 





The following example configures the AP’s Ethernet interface for full-duplex operation: 


(config)#interface dot11ap 1 
(config-dot11 ap 1)#full-duplex 
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half-duplex 


Use the half-duplex command to configure the wireless access point’s (AP) Ethernet interface for 
half-duplex operation. This setting allows the Ethernet interface to either send or receive at any given 
moment, but not simultaneously. Use the no form of this command to disable half-duplex operation. 





‘one This command is not available for the embedded AP module (EAPM). 





Syntax Description 





No subcommanas. 


Default Values 


By default, all Ethernet interfaces are configured for half-duplex operation. 


Command History 





Release 15.1 Command was introduced for the AP interface. 


Functional Notes 


Half-duplex Ethernet is the traditional form of Ethernet that employs the Carrier Sense Multiple 
Access/Collision Detect (CSMA/CD) protocol to allow two or more hosts to share a common transmission 
medium while providing mechanisms to avoid collisions. A host on a half-duplex link must “listen” on the 
link and only transmit when there is an idle period. Packets transmitted on the link are broadcast (so it will 
be “heard” by all hosts on the network). In the event of a collision (two hosts transmitting at once), a 
message is sent to inform all hosts of the collision and a backoff algorithm is implemented. The backoff 
algorithm requires the station to remain silent for a random period of time before attempting another 
transmission. This sequence is repeated until a successful data transmission occurs. 


Usage Examples 





The following example configures the AP Ethernet interface for half-duplex operation: 


(config)#interface dot11ap 1 
(config-dot11ap 1)#half-duplex 
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ip address <ip address> <subnet mask> 


Use the ip address command to define an IP address for the AP ethernet interface. Use the no form of this 
command to remove a configured IP address. 


Syntax Description 
<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0). 


Default Values 





By default, there are no assigned IP addresses. 


Command History 





Release 15.1 Command was introduced for the AP interface. 


Functional Notes 





The IP address and subnet mask are only needed on the AP interface if the user wants to use RADIUS 
authentication with the wireless clients. A default gateway may also need to be specified. 


Usage Examples 
The following example configures an IP address of 192.22.72.101 and a subnet mask of 255.255.255.252: 





(config)#interface dot11ap 1 
(config-dot11ap 1)#ip address 192.22.72.101 255.255.255.252 
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ip default-gateway </p address> 
Use the ip default-gateway command to assign a default gateway to the wireless access point (AP). This 


allows the AP to communicate with IP devices on other IP subnets. Use the no form of this command to 
remove the default gateway. 


Syntax Description 





<ijp address> Specifies the default gateway IP address. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





By default, there is no configured default gateway. 


Command History 





Release 15.1 Command was introduced for the AP interface. 


Usage Examples 





The following example assigns the AP a default gateway for 10.10.10.1: 


(config)#interface dot11ap 1 
(config-dot11ap 1)#ip default-gateway 10.10.10.1 
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location <name> 


Use the location command to specify the location of the wireless access point (AP). Use the no form of 
this command to remove the specified location. 


Syntax Description 


<name> Specifies the name of the location of the AP. The location name may be up 
to 32 characters. 


Default Values 





No default necessary for this command. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example assigns the name floor5 as the location of AP 1: 


(config)#interface dot11ap 1 
(config-dot11 ap 1)#location floor5 
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name <name> 


Use the name command to specify a name for this wireless access point (AP). Use the no form of this 
command to remove the assigned name. 


Syntax Description 


<name> Specifies the name of the AP. The name may be up to 32 characters in 
length. 


Default Values 


By default, the name of the AP will be ADTN plus the last three bytes of the AP MAC address (all upper 
case). 





Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example assign the name accounting1 to AP 1: 


(config)#interface dot11ap 1 
(config-dot11ap 1)#name accounting1 
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RADIO INTERFACE CONFIGURATION COMMAND SET 


A radio interface is a virtual interface that can be programmed into an AOS platform running the 
ADTRAN Wireless Control Protocol (AWCP). This interface is used to configure radio-level commands 
for an 802.11 wireless access point (AP). The AP is either a physical standalone unit (such as the NetVanta 
150) or integrated within the AOS platform via a module, also known as an Embedded Access Point 
Module (EAPM). 


The associated AP interface must be configured before access to the Radio Interface Configuration mode is 
possible. For more information on configuring the AP, refer to AP Interface Configuration Command Set 

on page 1987. Upon creation, each radio will have one default VAP configured. More detailed information 
on configuring the VAP interface is provided in VAP Interface Configuration Command Set on page 2028. 


There are only two radio types; 802.11a and 80211bg. Radio 802.11bg defaults to interface dotllap 
<ap/1> and radio 802.11a defaults to interface dotllap <ap/2>. The only changes that can be made to 
the radio types is to specify the radio mode of the 802.1 1bg radio as type b, g, or bg using the command 
radio-mode on page 2018. 





The parent (AP) interface must be created before access to the Radio Interface 
‘ore Configuration mode is possible. Execute the interface dotllap <ap> command to create 
an AP interface. 


To activate Radio Interface Configuration mode for an 802.11b or g radio, enter the commands at the 
Global Configuration mode prompt as shown below: 


>enable 

#configure terminal 

(config)#interface dot11ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)# 


To activate Radio Interface Configuration mode for an 802.11a radio, enter the commands at the Global 
Configuration mode prompt as shown below: 


>enable 

#configure terminal 

(config)#interface doti1ap 1/2 radio-type 802.11a 
(config-doti1ap 1/2-a)# 





<ap/2> is radio type 802. Ila. 


Wor By default interface dotllap <ap/1> is radio type 802.11bg and interface dotI lap 
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Not all radio interface commands apply to both radio types. Use the ? command to display 
‘one a list of valid commands. 





The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


antenna <name> on page 2006 

beacon period <time> on page 2007 
channel on page 2008 

fragment-threshold <length> on page 2010 
inactivity-timeout max <value> on page 2011 
power local on page 2012 

preamble-short on page 2013 
protection-mode on page 2014 

gos-mode wmm on page 2016 

radio-mode on page 2018 

rtp quality-monitoring on page 2020 

rts threshold <length> on page 2021 
short-slot-time on page 2022 

speed on page 2023 

speed default basic-set on page 2024 
station-role access-point on page 2025 
vap-isolation on page 2026 

world-mode dotlld on page 2027 
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antenna <name> 


Use the antenna command to select the desired antenna mode. Use the no form of this command to return 
to the default value. Variations of this command include the following: 


antenna 1 
antenna 2 
antenna diversity 


Syntax Description 





1 Sets the antenna mode to transmit or receive on antenna 1. 
2 Sets the antenna mode to transmit or receive on antenna 2. 
diversity Sets the mode to transmit or receive on antenna with best signal. 


Default Values 





By default, the antenna is set to diversity. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





Diversity antennas are two separate antennas that are attached to a single wireless radio. These antennas 
are designed to reduce the effects of multi-path radio distortion. Each antenna samples the radio signal 
around the access point (AP). The antenna receiving the best signal is chosen to transmit and receive 
information. Only one diversity antenna is in use at any given time. 


Usage Examples 





The following example sets the antenna mode to transmit or receive on antenna 1 on an 802.11bg wireless 
radio: 


(config)#interface doti1ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#antenna 1 
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beacon period <time> 


Use the beacon period command to set the time between beacons. Use the no form of this command to 
return to the default value. 


Syntax Description 


<time> Specifies the number of 802.11 time units (TU) between beacons. One TU 
is 1024 microseconds. Range is 20 to 1000 TU. 


Default Values 





By default, the beacon period is 100 TU. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





A beacon is a type of management frame used in 802.11 wireless networks. Beacon frames carry 
important information such as the basic service set, parameter sets, and capability. The beacon frame is 
sent to the broadcast MAC address, which means that all clients must be able to receive and process 
beacons. 


Beacon frames are associated with some overhead, which decreases the throughput of the wireless 
network. The higher the beacon period, the fewer number of beacons sent, thus reducing overhead and 
increasing throughput on the network. However, fewer beacons can cause a delay in the association 
process because stations scanning for available access points may miss the beacons. 


Usage Examples 





The following example sets the beacon period to 500 TU on an 802.11 bg wireless radio: 


(config)#interface dot11ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#beacon period 500 
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channel 


Use the channel command to manually select a channel for the wireless radio or to scan for the best 
channel available. Use the no form of this command to return to the default value. Variations of this 
command include the following: 


channel <number> 
channel least-congested 


Syntax Description 





<number> Specifies the IEEE (Institute of Electrical and Electronics Engineers, Inc.) 
channel number. The range of channels is dependent on the radio type and 
country setting (refer to the table in Functional Notes for a complete list of 
supported channels by country). 


least-congested Sets the radio to scan for the best channel available. 


Default Values 


By default, the radio scans for the least-congested channel available. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 


The following table lists the supported channels by country. 












































Countr 802.11a (5 GHz) 802.11bg (2.4 GHz) 
y Wireless Radios Channels Wireless Radios Channels 
Asia 149, 153, 157, 161 1,2,3,4,5,6,7,8,9, 10, 11,12, 13 
Australia 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165 1, 2,3, 4,5, 6, 7,8, 9, 10, 11, 12, 13 
Canada 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165 1, 2,3,4,5,6,7,8,9, 10,11 
tenner 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, werere tre Tr rr 
132, 136, 140 
Europe 34, 38, 42, 46 1,2,3,4,5,6,7,8,9, 10, 11, 12, 13 
‘ 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 
Haan 132, 136, 140 1, 2,3, 4,5, 6, 7,8, 9, 10, 11, 12, 13 
France 34, 38, 42, 46 1,2,3,4,5,6,7,8,9, 10, 11, 12, 13 
36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 
Gonnely 132, 136, 140 1, 2,3, 4,5, 6, 7, 8, 9, 10, 11, 12, 13 
36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 
eae 132, 136, 140 1, 2,3, 4,5, 6, 7,8, 9, 10, 11, 12, 13 
36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 
gs 132, 136, 140 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 
Japan 34, 38, 42, 46 1,2,3,4,5,6,7,8,9, 10, 11, 12, 13 
Mexico 36, 40, 44, 48, 149, 153, 157, 161, 165 1,2,3,4,5,6,7,8,9, 10, 11 
Nethenansy, (ah ne sh or te eng enon oa a a, 6 Bra 10, aig 




















60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2008 


Command Reference Guide Radio Interface Configuration Command Set 
































New Zealand 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 
36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 

Norway 132, 136, 140 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 

Puerto Rico 36, 40, 44, 48, 149, 153, 157, 161, 165 1,2, 3, 4, 5, 6, 7, 8, 9, 10, 11 

South America |802.11a not supported 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 

y 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 

Spain 132, 136, 140 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 

Sweden 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 1,2,3,4,5,6,7,8,9, 10, 11, 12, 13 
132, 136, 140 

Switzerland 34, 38, 42, 46 1, 2,3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 

United Kingdom 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 1,2,3,4,5,6,7,8,9, 10, 11, 12, 13 
132, 136, 140 

United States 36, 40, 44, 48, 149, 153, 157, 161, 165 1,2, 3,4, 5, 6, 7, 8, 9, 10, 11 

















Usage Examples 








Type channel ? to display a list of valid channels from which to choose. The list of 
‘ore channels displayed is based on the selected radio type (refer to the command radio-mode 
on page 2018) and country setting (refer to the command country-region on page 1992). 





The following example manually sets an 802.11bg wireless radio to channel 6 in the United States: 
(config)#interface dot11ap 1/1 radio-type 802.11bg 

(config-dot11ap 1/1-bg)#channel 6 

The following example manually sets an 802.11a wireless radio to channel 149 in the United States: 


(config)#interface doti1ap 1/2 radio-type 802.11a 
(config-dot11ap 1/1-a)#channel 149 
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fragment-threshold </ength> 
Use the fragment-threshold command to set the packet length threshold. Packets larger than the value set 


in this command will be fragmented when transmitted on the wireless link. Use the no form of this 
command to return to the default value. 


Syntax Description 





<length> Specifies the maximum packet length allowed before fragmentation will 
occur. Range is 256 to 2346 bytes. 


Default Values 





By default, the fragment threshold is set at 2346 bytes. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





Fragment threshold can be set to a lower number to prevent retransmission of large packets, but the 
overhead is increased. If the threshold is large, the overhead is relatively small but large packets will be 
retransmitted, lowering efficiency. 


Usage Examples 





The following example sets the fragment threshold at 572 bytes on an 802.11bg wireless radio: 


(config)#interface dot11ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#fragment-threshold 572 
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inactivity-timeout max <va/lue> 
Use the inactivity-timeout max command to set the maximum length of inactivity allowed between an AP 


and its clients. If no response is seen from the client within the timeout, the client will be disassociated. 
Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the maximum length of time a connection between an AP and AC 
is allowed to remain inactive. Range is 1 to 99 minutes. 


Default Values 





By default, the maximum inactivity timeout is 5 minutes. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example sets maximum inactivity timeout to 2 minutes on an 802.11bg wireless radio: 


config)#interface dotitap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#inactivity-timeout max 2 
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power local 


Use the power local command to select the radio's transmit power level. The range of the power level is 
relative to the country region currently specified for the radio. Use the no form of this command to return 
to the default value. Variations of this command include: 


power local maximum 
power local half 
power local quarter 
power local eighth 
power local minimum 


Syntax Description 





maximum Sets the power local level to the maximum output power setting. 

half Sets the power local level to one-half of the maximum output power setting. 

quarter Sets the power local level to one-fourth of the maximum output power 
setting. 

eighth Sets the power local level to one-eighth of the maximum output power 
setting. 

minimum Sets the power local level to the minimum output power setting. 


Default Values 





By default, the power local setting is maximum. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





Radio cell size and interference between cells can be reduced by lowering the radio's transmit power level. 


Usage Examples 





The following example sets the radio's transmit power to one-half maximum power on an 802.11bg 
wireless radio: 


config)#interface dotitap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#power local half 
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preamble-short 
Use the preamble-short command to enable short preamble mode on an 802.11bg radio. The preamble is 


information at the beginning of a packet that is used by the AP as well as its clients. Use the no form of this 
command to return to the default value. 


Syntax Description 





No subcommanas. 


Default Values 





By default, short preamble mode is enabled. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





When short preamble mode is enabled, clients may request short or long preambles according to need. 
Disabling short preamble mode means that clients must request long preambles only. 


‘one Short preamble mode is not supported on the 5 GHz 802. Ila radio. 





Usage Examples 





The following example enables short preamble mode on an 802.11bg wireless radio: 


config)#interface dotitap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#preamble-short 
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protection-mode 


Use the protection-mode command to configure the protection mode, type, and rate for an 802.1 1bg radio. 
Use the no form of this command to return to the default value. Variations of this command include the 
following: 


protection-mode always 

protection-mode always type cts-only 
protection-mode always type cts-only rate 1 
protection-mode always type cts-only rate 2 
protection-mode always type cts-only rate 5.5 
protection-mode always type cts-only rate 11 
protection-mode always type rts-cts 
protection-mode always type rts-cts rate 1 
protection-mode always type rts-cts rate 2 
protection-mode always type rts-cts rate 5.5 
protection-mode always type rts-cts rate 11 
protection-mode auto 

protection-mode auto type cts-only 
protection-mode auto type cts-only rate 1 
protection-mode auto type cts-only rate 2 
protection-mode auto type cts-only rate 5.5 
protection-mode auto type cts-only rate 11 
protection-mode auto type rts-cts 
protection-mode auto type rts-cts rate 1 
protection-mode auto type rts-cts rate 2 
protection-mode auto type rts-cts rate 5.5 
protection-mode auto type rts-cts rate 11 





‘ore This command is only available on the 802.11 bg radio interface. 





Syntax Description 





always Protection mode is always on, regardless of the presence of 802.11b 
clients. 
auto Protection mode is automatically activated when an 802.11b client 
associates with an 802.11g AP. 
type 
cts-only Specifies Clear to Send-only (CTS-only) protection mode. 
rts-cts Specifies Request to Send-Clear to Send (RTS-CTS) protection mode. 
rate 
1 Sets the packet rate to 1 Mbps. 
2 Sets the packet rate to 2 Mbps. 
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5.5 Sets the packet rate to 5.5 Mbps. 
11 Sets the packet rate to 11 Mbps. 


Default Values 


By default, protection-mode is set to auto, type is set to cts-only, and the rate is set to 11. 


Command History 





Release 15.1 Command was introduced 


Functional Notes 





Protection mode is used when 802.11b and 802.11g radios exist together on the same wireless local area 
network (WLAN) network. 802.119 devices are required to be backwards-compatible with legacy 802.11b 
devices. Both radios operate in the 2.4 GHz frequency range; however, each uses a different transmission 
type. 802.11b radios use Direct Sequence Spread Spectrum (DSSS) for transmitting data, and 802.11g 
radios use Orthogonal Frequency Division Multiplexing (OFDM) for transmitting data. Contention for media 
access on 802.11 networks is managed via Carrier Sense Multiple Access with Collision Avoidance 
(CSMA/CA), but the use of two different transmission types prevents 802.11b devices from “hearing” 
transmission attempts on the shared RF medium. Protection mode addresses this problem and allows for 
coexistence of 802.11b and 802.119 devices on a network. 


There are two protection mode types: CTS-only, also known as CTS-to-self, and RTS-CTS. Both types are 
used when an 802.11g access point associates with an 802.11b client. Compared to a network that 
contains solely 802.11g clients, use of a protection mode reduces throughput. Compared to each other, 
CTS-only mode requires slightly less protocol overhead than RTS-CTS mode. Protection frames must be 
transmitted at 802.11b rates (1 Mbps, 2 Mbps, 5.5 Mbps, or 11 Mbps) to ensure these frames are received 
and processed by all clients on the network. 


During CTS-only mode, clients that have a frame for transmission on the RF medium will first transmit a 
CTS frame. The destination address specified in this CTS frame is the transmitting client's own MAC 
address. All clients connected to the RF medium are required to listen to CTS frames. A CTS frame is 
interpreted as a “do not send” command by all clients except by the one whose MAC address is specified 
in the destination field. 


When RTS-CTS is employed, clients must request access to the RF medium by sending an RTS to the 
access point. The client refrains from accessing the medium and transmitting data until it receives a CTS 
from the access point. A CTS command is interpreted as a “do not send” command when it is received by 
a client that did not initiate the RTS. RTS-CTS requires more protocol overhead than CTS-only. 


Usage Examples 





The following example enables protection mode to automatically activate upon association of an 802.11b 
client with an 802.11g AP. RTS-CTS is specified, but the rate is not. This means that the default rate of 
11 Mbps will be used. 


(config)#interface dot11ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#protection-mode auto type rts-cts 
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qos-mode wmm 


Use the qos-mode command to enable Wi-Fi Multimedia (WMM) Quality of Service (QoS) mode. Use the 
no form of this command to disable WMM mode. Variations of this command include the following: 


qos-mode wmm 
qos-mode wmm no-ack 


Syntax Description 





no-ack Optional. Specifies the no acknowledgements be sent. 


Default Values 
By default, WMM QoS mode is disabled. 





Command History 





Release 15.1 Command was introduced. 


Functional Notes 





AOS supports WMM, which adds QoS functionality to the wireless network. QoS helps control the 
allocation of bandwidth on the wireless local area network (WLAN). The benefits of QoS may not be 
noticed if the traffic load on the wireless network is light. However, QoS benefits will become more 
apparent as the traffic load on the WLAN increases. 


WM\M in AOS is based on the Enhanced Distributed Channel Access (EDCA) method. This method 
ensures that higher priority traffic has a better chance of being transmitted on the WLAN than lower priority 
traffic. There are four priority classes defined in WMM to manage traffic from different applications: Voice, 
Video, Best-effort, and Background. According to algorithms defined in EDCA, a client with traffic ina 
higher priority class, such as voice, will typically back off of the RF medium for a shorter period of time than 
a Client with traffic in a lower priority class, such as e-mail. In addition, each priority class is assigned a 
transmit opportunity (TXOP), which is a set amount of time during which a client can send as many frames 
as possible. Higher priority classes are given a longer TXOP interval than lower priority classes. 


WMM must be enabled on both the access points (APs) and the clients running applications that require 
QoS. These applications must be able to support WMM for the QoS functionality to be utilized. In addition, 
the applications must be capable of assigning the appropriate priority class to their generated streams of 
traffic. 


When acknowledgements are enabled, transmission is more reliable because an acknowledge frame is 
returned for every frame received. However, acknowledgement frames increase the amount of traffic on 
the WLAN, which results in decreased performance. Disabling acknowledgements means that 
transmission will not be as reliable, but performance will be better. For example, having no 
acknowledgements would be useful for voice traffic because the speed of transmission is most important 
and packet loss to a certain degree is tolerable. 
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Usage Examples 





The following example enables WMM QoS mode without acknowledgements on an 802.11bg wireless 
radio: 


(config)#interface dot11ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#qos-mode wmm no-ack 
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radio-mode 


Use the radio-mode command to set a specific radio type. Use the no form of this command to return to 
the default value. Variations of this command include the following: 


radio-mode a 
radio-mode b 
radio-mode bg 
radio-mode g 


Syntax Description 





a Specifies radio type a. 
b Specifies radio type b. 
bg Specifies radio type g in backwards compatible mode to radio type b. 
g Specifies radio type g. 


Default Values 





By default, the 802.11bg radio is set to radio-mode bg and the 802.114 radio is set to radio-mode a. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 


ADTRAN currently supports three of the IEEE 802.11 Wireless Local Area Network (WLAN) standards: 
802.11a, 802.11b, and 802.119. Each access point (AP) contains two integrated radios: one that supports 
802.11a and one that supports 802.11b and/or 802.11g. 





802.11b is a legacy protocol operating at 2.4 GHz with a maximum throughput of 11 Mbps. This throughput 
value is derived from the use of Direct Sequence Spread Spectrum (DSSS) technology for transmission. 
The North American channel set contains 11 channels, each 22 MHz wide. Out of these 11 channels, 
there are only 3 non-overlapping or non-interfering channels. The use of three discreet APs in the same 
area, each set to one of the three non-overlapping channels, will result in an aggregate bandwidth of 

33 Mbps. The theoretical maximum distance for 802.11b is 100 meters. However, the actual distance is 
approximately 60 meters in a typical office environment. 


802.119 operates at 2.4 GHz with a maximum throughput of 54 Mbps. The obvious benefit to using 802.119 
over 802.11b is faster data transmission. The higher maximum throughput is achieved by using Orthogonal 
Frequency Division Multiplexing (OFDM) in addition to DSSS for transmission. 802.11g is 
backwards-compatible to 802.11b, helping to ease migration from an existing 802.11b network to an 802.119 
network. However, the maximum throughput for an 802.11g network is reduced when operating in 
backwards-compatibility mode with 802.11b. The North American channel set for 802.119 contains 11 
channels, each 22 MHz wide. Out of these 11 channels, there are only 3 non-overlapping or non-interfering 
channels. The use of 3 discreet APs in the same area, each set to one of the 3 non-overlapping channels, will 
result in an aggregate bandwidth of 162 Mbps. The theoretical maximum distance for 802.11g is 100 meters. 
However, the actual distance is approximately 75 meters in a typical office environment. 
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802.11a operates at 5.8 GHz with a maximum throughput of 54 Mbps. OFDM is used for transmission. The 
North American channel set for 802.11 is derived from the lower channels, UNII-1 and UNII-2, in the 

5.8 GHz frequency range. There are 8 non-overlapping or non-interfering channels, each 33 MHz wide. 
The use of eight discreet APs in the same area, each set to one of the 8 non-overlapping channels, will 
result in an aggregate bandwidth of 432 Mbps. The theoretical maximum distance for 802.114 is 

50 meters. However, the actual distance is approximately 25 meters in a typical office environment. 
802.11a is not compatible with 802.11b or g. 





The data rate associated with any of the radios will continue to drop as a user moves 
‘one farther away from the AP. The highest data rates will be achieved in areas closest to the 
AP. 





Usage Examples 
The following example sets the radio-mode to radio type g only on an 802.11bg wireless radio: 


(config)#interface doti1ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#radio-mode g 
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rtp quality-monitoring 


Use the rtp quality-monitoring command to enable voice quality monitoring (VQM) of the Realtime 
Transport Protocol (RTP) voice stream packets on this interface. If the global command (ip rtp 
quality-monitoring) is disabled when this command is issued, the system will return the following 
warning: “Applied but not used, you must globally enable ip rtp quality-monitoring to use VQM.” Use 
the no form of this command to return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VQM is enabled on all WAN and LAN interfaces. 





Command History 





Release 17.1 Command was introduced. 


Usage Examples 
The following example enables RTP quality monitoring on an 802.11bg wireless radio: 


(config)#interface doti1ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#rtp quality-monitoring 
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rts threshold </ength> 


Use the rts threshold command to set the threshold for use of Request to Send (RTS) frames. RTS is used 
to gain access to the RF medium when long frames need to be transmitted. The RTS threshold defines the 
minimum “long” frame length that will require RTS/Clear to Send (CTS) prior to transmission. Any frame 
that matches or is longer than the length specified in the rts threshold command must be preceded by a 
RTS/CTS on the RF medium. Use the no form of this command to return to the default value. 


Syntax Description 





<length> Specifies the length of the RTS threshold in bytes. Range is 256 to 
2,346 bytes. 


Default Values 
By default, the RTS threshold is 2,346 bytes. 





Command History 





Release 15.1 Command was introduced. 


Functional Notes 





Generally, it is best to set the RTS threshold as high as possible. However, the threshold may need to be 
set lower if network throughput is sluggish or there are high numbers of frame retransmissions. 


Usage Examples 





The following example sets the RTS threshold to 1,024 bytes on an 802.11bg wireless radio: 


(config)#interface dot11ap 1/1 radio-type 802.11bg 
(config-dot11 ap 1/1-bg)#rts-threshold 1024 
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short-slot-time 


Use the short-slot-time command to enable short slot time (9 microseconds) for an 802.1 1bg radio. Use 
the no form of this command to return to the long slot time (20 microseconds). 





‘ore This command is only available on the 802. 11bg radio interface. 





Syntax Description 





No subcommanas. 


Default Values 


By default, short-slot-time is enabled. 


Short slot time is used only when the wireless network contains strictly 2.4 GHz, 802. 11g 
devices and all of those devices support short slot time. If not all 802.11g devices support 


Short slot time or the wireless network contains both 802.11b and g radios and/or clients, 
the radio automatically reverts to standard slot time. 





Command History 





Release 15.1 Command was introduced. 


Functional Notes 





Slot time is the amount of time a wireless device waits after a collision before retransmitting a packet. The 
standard slot time of 20 microseconds is used in 2.4 GHz, 802.11b and 802.11bg networks. If a wireless 
network is strictly 802.11g and all devices are capable of supporting the feature, short slot time 

(9 microseconds) can be enabled. Short slot time increases throughput by decreasing the backoff time 
calculated by the transmitting device when a collision occurs. 


Usage Examples 





The following example specifies use of long slot time for 802.119 exclusive networks on an 802.11bg 
wireless radio: 


(config)#interface doti1ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#no short-slot-time 
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speed 


Use the speed command to set the active rate for the radio. Frames cannot be transmitted at a speed that is 
higher than the specified active rates. Use the no form of this command to return to the default value. 
Variations of this command include the following: 


speed best 
speed <speed> 


Syntax Description 





best Sets the transmit speed of the radio to the best available. 


<speed> Sets the transmit speed of the radio. Available speeds vary based on the 
setting in the radio-mode command. 
For 802.11a radios, choose from 6, 9, 12, 18, 24, 36, 48, or 54 Mbps. 
For 802.11b radios, choose from 1, 2, 5.5, or 11 Mbps. 
For 802.11bg radios, choose 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, or 
54 Mbps. 
For 802.119 radios, choose 6, 9, 12, 18, 24, 36, 48, or 54 Mbps. 





‘one The speed setting best is recommended. 





Default Values 


By default, the active rate is set to best. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example sets the active rate to best on an 802.11bg wireless radio: 


(config)#interface dot11ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#speed best 
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speed default basic-set 


Use the speed default basic-set command to configure the basic rate set for the radio. A client connecting 
to the radio must be able to support these rates. Use the no form of this command to return to the default 
basic rate set for the radio type. Variations of this command include the following: 


speed default basic-set 802.11 
speed default basic-set 802.11b 
speed default basic-set 802.11g 
speed default basic-set ofdm 


Syntax Description 





802.11 Speed for 802.11 (1, 2 Mbps). 

802.11b Speed for 802.11b (1, 2, 5.5, 11 Mbps). 

802.11g Speed for 802.11bg (protection mode) (1, 2, 5.5, 6, 11, 12, 24 Mbps). 

ofdm Speed for Orthogonal Frequency Division Multiplexing (OFDM) (6, 12, 
24 Mbps). 





The OFDM basic rate set on an 802.11bg radio should be specified for a network that only 
‘ore contains 802. 11g APs and clients. This setting maximizes throughput for 802. 11g networks, 
but will not allow 802.11b clients to associate with the AP. 





Default Values 
By default, the 802.11bg radio is set to 802.11b and the 802.11a radio is set to ofdm. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example sets the basic rate set for 802.11bg (protection mode that supports 802.11b and g 
clients) on an 802.11bg wireless radio: 


(config)#interface dot11ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#speed default basic-set 802.11g 
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station-role access-point 


Use the station-role access-point command to set the radio operation mode to access point (AP). Use the 
no form of this command to return to the default value. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the station-role is set to access-point. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example sets the station-role to access-point on an 802.11bg wireless radio: 


(config)#interface dot11ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#station-role access-point 
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vap-isolation 
Use the vap-isolation command to enable virtual access point (VAP) isolation, which prevents clients 


from one VAP on a radio from directly accessing clients in another VAP on the same radio. Use the no 
form of this command to return to the default value. 


Syntax Description 





No subcommanas. 


Default Values 





By default, VAP isolation is disabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example enables VAP isolation an 802.11bg wireless radio: 


(config)#interface doti1ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#vap-isolation 
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world-mode dot11d 


Use the world-mode dot11d command to enable 802.11d mode. This mode allows country codes to be 
transmitted in beacons sent from the AP. Use the no form of this command to disable 802.11d mode. 


Syntax Description 


No subcommanas. 


Default Values 
By default, 802.11d mode is disabled. 





Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example enables 802.11d mode on an 802.11bg wireless radio: 


(config)#interface doti1ap 1/1 radio-type 802.11bg 
(config-dot11ap 1/1-bg)#world-mode dot11d 
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VAP INTERFACE CONFIGURATION COMMAND SET 


The Virtual Access Point (VAP) Interface Configuration command set is used to configure Service Set 
Identifier (SSIDs) security and other parameters for each VAP. 


A VAP is a logical entity that can exist within a physical wireless access point (AP). VAPs are virtual 
interfaces represented on wireless networks through the use of a wireless access controller (AC) running 
the ADTRAN Wireless Control Protocol (AWCP) and an AP. Each physical AP can support up to eight 
VAPs for each of the two radio bands for a total of 16 VAPs. VAPs are distinguished by an SSID and can 
be mapped to a virtual local area network (VLAN). VLAN information can be shared across switches with 
Ethernet trunks. A common configuration has two VAPs, one associated to a corporate VLAN, and one 
associated to a guest VLAN. 


The associated AP and radio interfaces must be configured before attempting to configure the VAP. For 
more information on configuring the AP and radios, refer to AP Interface Configuration Command Set on 
page 1987 and Radio Interface Configuration Command Set on page 2004. Each radio will have one 
default VAP configured. The VAP name is based on the interface to which the AP and radio are mapped 
using the following syntax, interface dotllap <ap/radio.vap>. 


To add a VAP or to enter its interface configuration mode, enter the interface dotllap <ap/radio.vap> 
command identifying the appropriate AP and radio interface, followed by the VAP interface number. This 
command can be entered from the Global Configuration mode prompt or from any other interface 
configuration mode prompt. In the following example, VAP 1 is created for AP 1 with an 802.11bg radio. 


For example: 


>enable 

#configure terminal 
(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 

interface on page 52 


shutdown on page 59 
All other commands for this command set are described in this section in alphabetical order. 


accounting on page 2030 


client-separation on page 2032 
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radius-server host on page 2033 

security mode on page 2034 

security wep-key on page 2036 

security wep-key generate on page 2038 

security wep-key-length on page 2039 

security wep-key seed <passphrase> on page 2040 
security wpa group-key on page 2041 

ssid on page 2042 

vlan-id <vlan id> on page 2043 
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accounting 


Use the accounting command to enable RADIUS accounting for associations with this virtual access point 
(VAP) and specify update intervals. Use the no form of this command to disable accounting for this VAP. 
Variations of this command include: 


accounting enabled 

accounting update 

accounting update newinfo 
accounting update periodic 
accounting update periodic <value> 


Syntax Description 


enabled Enables RADIUS accounting on this VAP. 


update Defines the RADIUS accounting update setting. Executing the accounting 
update command without specifying any further parameters will send 
updates when new information occurs. This is the same as executing the 
accounting update newinfo command. 





newinfo Specifies sending RADIUS accounting records as they occur. 


periodic Specifies collecting accounting records and sending them periodically. The 
default value is 5. 


<value> Optional. Specifies the number of minutes between periodic accounting 
updates. Valid range is 1 to 99. 


Default Values 
By default, RADIUS accounting is disabled. 





Functional Notes 





The RADIUS server host, AP IP address, and IP gateway must be configured on the access point for this 
feature to work. Refer to radius-server host on page 2033, ip address <ip address> <subnet mask> on 
page 2000, and ip default-gateway <ip address> on page 2001 for more information on configuring these 
parameters. 


Command History 





Release 15.1 Command was introduced. 
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Usage Examples 





The following example enables RADIUS accounting for associations with this VAP: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#accounting enabled 


The following example enables sending RADIUS accounting updates as they occur for this VAP: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#accounting update newinfo 
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client-separation 
Use the client-separation command to prevent wireless clients within this virtual access point (VAP) from 


communicating directly with each other. Use the no form to disable this feature, allowing clients to 
communicate with one another. It is recommended to enable this command. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example prevents wireless clients on this VAP interface from communicating directly with 
each other: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#client-separation 
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radius-server host 


Use the radius-server host command to specify the parameters for a remote RADIUS server to be used 
when sending RADIUS messages from the virtual access point (VAP). At a minimum, the IP address of 
the server must be given. The other parameters are also allowed and (if not specified) will use default 
values or fall back on the global RADIUS server’s default settings. Use the no form of this command to 
remove the RADIUS server properties. This prevents the VAP from using AAA authentication or 
accounting methods. Variations of this command include: 


radius-server host <ip address> acct-port <port> auth-port <port> key <key> 
radius-server host <ip address> acct-port <port> key <key> 

radius-server host </p address> auth-port <port> acct-port <port> key <key> 
radius-server host <ip address> auth-port <port> key <key> 

radius-server host <ip address> key <key> 


Syntax Description 





<ip address> Specifies a valid IP address for the RADIUS server. IP address should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 

acct-port Specifies the remote port to send accounting requests to. 

auth-port Specifies a remote port to send authentication requests to. 

<port> Specifies a UDP port number to be used when sending authentication or 


accounting information to the RADIUS server. Valid range is 0 to 65,535. 


key <key> Defines the shared key used between the RADIUS server and the access 
point. The key must appear last on the input line since it reads the rest of 
the line beyond the key keyword. The maximum length is 64 bytes. 


Default Values 





By default, a RADIUS server is not defined. The default setting for acct-port is 1813 and for auth-port is 
1812. By default, no key is configured. 


Command History 





Release 15.1 Command was expanded to include the VAP interface. 


Usage Examples 





The following example defines the RADIUS server parameters with an IP address of 10.10.10.1, sets the 
accounting port to 1646, and configures the shared key as abc123: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#radius-server host 10.10.10.1 acct-port 1646 key abc123 
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security mode 


Use the security mode command to configure the security mode settings for this VAP. Use the no form of 
these commands to return to the default settings. Depending on the mode chosen between Wired 
Equivalency Privacy (WEP) and Wi-Fi Protected Access (WPA), further command options are available. 





‘one WEP security mode is not as secure as WPA and is not recommended. 





Variations of this command include: 


security mode none 

security mode wep open-key 

security mode wep open-key eap 

security mode wep open-key eap mdb5b-static-key 
security mode wep open-key eap mdb5b-static-key-optional 
security mode wep shared-key 

security mode wpa aes-ccmp eap 

security mode wpa aes-ccmp psk <key> 
security mode wpa aes-ccmp tkip eap 

security mode wpa aes-ccmp tkip psk <key> 
security mode wpa tkip aes-ccmp eap 

security mode wpa tkip aes-ccmp psk <key> 
security mode wpa tkip eap 

security mode wpa tkip psk <key> 





In order to connect to the access point, a client must support the same security mode as 
configured on this VAP. 


Syntax Description 





none Specifies that no security be used on this VAP. There is no authentication 
required to connect to this VAP and no encryption is provided on the 
wireless connection. 

wep Configures the VAO for WEP security mode. 

open-key Specifies that the WEP security mode use open authentication with static 
WEP keys. The client and the VAP must be configured with the same static 
key. A static WEP key is configured on the VAP by using the security 
wep-key command (refer to page 2036). 

shared-key Specifies that the WEP security mode use shared authentication with 
encrypted static keys. The client and the VAP must be configured with the 
same static key. A static WEP key is configured on the VAP by using the 
security wep-key command (refer to page 2036). 
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eap Specifies that the WPA security mode use the Extensible Authentication 
Protocol (EAP) as a universal authentication framework in the wireless 
network. A client must support WEP with 802.1x. Authentication is 
performed between the client and a RADIUS server. 


eap md5-static-key Defines the WEP security mode for this VAP. A client must support WEP 
with 802.1x. Authentication is performed between the client and a RADIUS 
server. It indicates that all clients are using EAP type MD5. This EAP type 
does not perform key generation and requires appropriate static WEP keys 
be configured on this VAP (refer to security wep-key on page 2036). User 
can specify security WEP keys 2 through 4, the first WEP key is obtained 
from the RADIUS server. 


eap md5-static-key-optional Defines the WEP security mode for this VAP. A client must support WEP 
with 802.1x. Authentication is performed between the client and a RADIUS 
server. It indicates that some clients are using EAP type MD5 while other 
clients are using more advanced EAP types (TLS, PEAP., etc.). Unlike the 
advanced EAP types, EAP type MD5 does not perform key generation and 
requires appropriate static WEP keys be configured on this VAP (refer to 
security wep-key on page 2036). User can specify security WEP keys 2 
through 4, the first WEP key is obtained from the RADIUS server. 


wpa Configures this VAP for WPA security mode. 


aes-ccmp Specifies using the WPA2 the algorithms. This security setting can be used 
alone or in combination with TKIP. 


tkip Specifies that the WPA security mode use Temporal Key Integrity Protocol 
(TKIP) as its keying structure. This protocol specifies the algorithms used 
for rotating keys. TKIP can be used alone or in combination with aes-ccmp. 


psk Specifies that the WPA security mode use preshared keys (PSK) for key 
management. PSK may be used in combination with tkip and/or aes-ccmp. 
This method does not require a RADIUS authentication server. The PSK 
key must be known on all VAP clients. 


<key> Defines the PSK for security. The key must consist of 8 to 63 ASCII or 16 to 
126 hexadecimal characters. Clients supporting WPA PSK are allowed to 
connect to this VAP. 


Default Values 





By default, no security mode is defined. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example shows a typical configuration of these parameters: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#security mode wpa tkip psk myPresharedKey 
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security wep-key 


Use the security wep-key command to define the Wired Equivalency Privacy (WEP) keys for use in wep 
shared-key and wep open-key security modes (refer to the command security mode on page 2034). Up to 
four keys can be programmed. Set these keys before selecting the WEP security mode. Use the no form of 
this command to disable the specified key. Variations of this command include: 


security wep-key <index> <key> 
security wep-key <index> <key> transmit-key 





on the VAP. 


‘oe Specifying security mode wep open-key eap does not require any WEP keys to be defined 





Syntax Description 


<index> Indicates the WEP key index value. The value and order of WEP static keys 
must match on the access point (AP) and all connecting clients. Valid 
entries are 1 to 4 for wep shared-key and wep open-key. For eap 
md5-static-key and eap md5-static-key-optional modes, the user can 
specify security wep-key 2 through security wep-key 4, the first WEP key 
is obtained from the RADIUS server. 


<key> Specifies the WEP key in hexadecimal characters. The key size is 
determined in the security mode command for wep shared-key or wep 
open-key security. The key length must follow the setting of the security 
wep-key-length on page 2039. 

transmit-key Enables the specified key to encrypt all wireless traffic sent by this VAP. 
Only one WEP key index can be the current transmit key. The first index 
entered under a VAP becomes the transmit key by default. The most recent 
index specified with the transmit-key keyword becomes the current 
transmit key. The default is the first WEP key index entered for the VAP. 


Default Values 





By default, no keys are defined. 


Command History 





Release 15.1 Command was introduced. 
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Functional Notes 





The client and the AP must be configured with the same static key. 
The corresponding number of hexadecimal or ASCII characters required is: 


AP WEP Key Size Hexadecimal Characters ASCII Characters 
40 10 5 
104 26 13 
128 32 16 





become 128, and 128 bits become 152 on the client. 


or The addition of 24-bit Initialization Vector (IV) makes the 40 bits become 64 bits, 104 bits 





Usage Examples 





The following example creates a static WEP key at index 2 with a hexadecimal value of 343f49546a: 


(config)#interface dot11ap 1/1.1 
(config-doti1ap 1/1.1-bg)# security wep-key 2 343f49546a 
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security wep-key generate 


Use the security wep-key generate command to generate wired equivalency privacy (WEP) keys for 
shared-key and wep open-key security modes (refer to the command security mode on page 2034). Up to 
four keys can be generated from the passphrase entered with the security wep-key-seed command (on 
page 2040). 


Syntax Description 





No subcommanas. 


Default Values 





By default, no keys are defined or generated. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





The generation of WEP keys occurs through the use of a standard message digest (MD5) key generator. 
The generator creates secure WEP keys by assigning random values for each element (letters or 
numbers) in the passphrase entered using the security wep-key-seed command (on page 2040). 


Usage Examples 





The following example enables WEP key generation on 802.11bg wireless radio VAP 1 based on the 
passphrase adtran6808: 


(config)#interface dot11ap 1/1.1 radio-type 802.11bg 
(config-dot11ap 1/1.1-bg)#security wep-key-seed adtran6808 
(config-dot11ap 1/1.1-bg)#security wep-key generate 
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security wep-key-length 


Use the security wep-key-length command to specify the length of the WEP key to be programmed with 
the security wep-key command. Use the no form of this command to return to the default settings. 
Variations of this command include: 


security wep-key-length 104 
security wep-key-length 128 
security wep-key-length 40 





become 128, and 128 bits become 152 on the client. 


Wo The addition of 24-bit Initialization Vector (IV) makes the 40 bits become 64 bits, 104 bits 





Syntax Description 





wep-key-length Specifies the WEP key length. Valid entries are 40, 104, and 128. 


Default Values 


By default, no keys are defined. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





There are four keys to program. At least one WEP key must be defined. The corresponding number of 
hexadecimal characters required is determined by: 


key size on client, key size on AP = number of keys multiplied by the hexadecimal characters in the key 
Examples: 

64, 40 = 4x10 

128,104 =4x 26 

152, 128 =4x 32 


Usage Examples 





The following example sets the WEP key length to 104: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#security wep-key-length 104 
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security wep-key seed <passphrase> 
Use the security wep-key seed command to set a passphrase for the generation of wired equivalency 


privacy (WEP) keys for use in wep shared-Key and wep open-key security modes (refer to the command 
security mode on page 2034). Use the no form of this command to clear the passphrase. 


Syntax Description 





<passphrase> A phrase of 1 to 32 characters used as the basis for WEP key generation. 


Default Values 





By default, no passphrase is set. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





The generation of WEP keys occurs through the use of a standard message digest (MD5) key generator. 
The generator creates secure WEP keys by assigning random values for each element (letters or 
numbers) in the passphrase. Refer to the command security wep-key generate on page 2038 for more 
information. 


Usage Examples 





The following example creates a passphrase of adtran6808 to use in WEP key generation on 802.11bg 
wireless radio on VAP 1: 


(config)#interface dot11ap 1/1.1 radio-type 802.11bg 
(config-dot11ap 1/1.1-bg)#security wep-key seed adtran6808 
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security wpa group-key 


Use the security wpa group-key command to enable group key (broadcast key) rotation for the specified 
virtual access point (VAP). Use the no form of this command to disable group key rotation. Variations of 
this command include: 


security wpa group-key 
security wpa group-key change <minutes> 
security wpa group-key change <minutes> membership-termination 


Syntax Description 





change <minutes> Enables a periodic change of the group key. Specify the number of minutes 
between group key changes. Valid range is 10 to 600 minutes, with the 
default being 30 minutes. 

membership-termination Optional. Specifies a change of the group key at the termination of any 
membership association. 


Default Values 





By default, group key rotation is disabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example enables WPA group key rotation on the VAP: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#security wpa group-key 


The following example enables a 15 minute change of the group key and also enables the group key to 
change any time a membership is terminated: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#security wpa group-key change 15 membership-termination 
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ssid 


Use the ssid command to assign the Service Set Identifier (SSID) for this virtual access point (VAP) and 
indicate whether to broadcast the SSID over the network. The SSID is a unique identifier consisting of up 
to 32 characters (letters or numbers). Use the no form of this command to return to the default settings. 
Variations of this command include: 


ssid broadcast-mode <itext> 
ssid non broadcast-mode <texi> 


Syntax Description 





broadcast-mode Enables broadcasting the SSID in beacons transmitted for this VAP. 


non broadcast-mode Blocks broadcasting the SSID for this VAP. This setting is utilized in closed 
wireless networks. Devices connecting to the access point in non-broadcast 
mode require the wireless device to enter the SSID. 


<text> Specifies an SSID for the VAP. The SSID can consist of up to 32 characters 
using text or letters and may also include spaces. 


Default Values 


By default, the SSID is set as wireless vap-index radio-index. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example configures the SSID of VAP interface 1 as WLAN1 and blocks broadcasting this 
SSID: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#ssid non broadcast-mode WLAN1 
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vian-id <vian id> 


Use the vlan-id command to associate a virtual local area network (VLAN) with the virtual access point 
(VAP) interface. Encapsulation 802.1q must be enabled on the access point before wireless traffic is routed 
with the VLAN ID attached. To enable encapsulation, refer to the command encapsulation 802.1q on page 
1994. Use the no form of this command to remove an entry. 


Syntax Description 





<vian id> Specifies a VLAN interface ID number. Range is 1 to 4095. 


Default Values 





By default, the VLAN ID is the same number as the VAP interface number. 


Functional Notes 





Once encapsulation 802.1q is enabled on the AP, all wireless traffic received on the VAP’s SSID is mapped 
to the VLAN (specified by the VLAN ID) when sent out the AP's Ethernet interface. All wireless traffic 
received on this VLAN ID at the AP's Ethernet interface is mapped to this VAP's SSID for wireless 
transmission. 


Command History 





Release 15.1 Command was expanded to include the VAP interface. 


Usage Examples 





The following example configures the vian-id to 4 for VAP interface 1: 


(config)#interface dot11ap 1/1.1 
(config-dot11ap 1/1.1-bg)#vlan-id 4 
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VPN PARAMETER COMMAND SETS 


This section includes the following command sets: 


¢ CA Profile Configuration Command Set on page 2045 
¢ Certificate Configuration Command Set on page 2056 
¢ Crypto Map IKE Command Set on page 2060 

¢ Crypto Map Manual Command Set on page 2077 

¢ IKE Client Command Set on page 2088 

¢ IKE Policy Attributes Command Set on page 2092 

¢ IKE Policy Command Set on page 2098 
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CA PROFILE CONFIGURATION COMMAND SET 


To activate the Certificate Authority (CA) Profile Configuration mode, enter the crypto ca profile 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#crypto ca profile MyProfile 
Configuring New CA Profile MyProfile 
(ca-profile)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


crl optional on page 2046 

email address <address> on page 2047 
enrollment retry on page 2048 
enrollment terminal on page 2049 
enrollment url <url> on page 2050 
fqdn <name> on page 2051 

ip-address <ip address> on page 2052 
password <password> on page 2053 
serial-number on page 2054 


subject-name <name> on page 2055 
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crl optional 


Use the crl optional command to make CRL verification optional. 


Syntax Description 





No subcommanas. 


Default Values 





By default, CRL optional is enabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





If enabled, AOS is able to accept certificates even if no CRL is loaded into the configuration. Currently, this 
is the only mode supported by AOS for CRL negotiations. 


Usage Examples 





The following example sets CRL verification as optional: 


(ca-profile)#crl optional 
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email address <address> 


Use the email address command to specify that an email address should be included in the certificate 
request. Use the no form of this command to remove an email address. 


Syntax Description 


<address> Specifies the complete email address to use when sending certificate 
requests. This field allows up to 51 characters. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Configuring this setting simplifies the crypto ca enroll dialog, allowing you to enter the email address only 
once rather than every time you go through the enrollment process. Refer to crypto ca enroll <name> on 
page 644. 


Usage Examples 





The following example specifies joesmith@company.com as the email address to be sent in certificate 
requests: 


(ca-profile)}#email address joesmith@company.com 
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enrollment retry 


Use the enrollment retry command to determine how AOS handles certificate requests. Use the no form 
of this command to return to the default settings. Variations of this command include: 


enrollment retry count <number> 
enrollment retry period <value> 


Syntax Description 





count <number> Specifies the number of times AOS re-sends a certificate request when it 
does not receive a response from the previous request. Range is 1 to 100. 
period <value> Specifies the time period between certificate request retries. The default is 1 


minute between retries. Range is 1 to 60 minutes. 


Default Values 





By default, period is set to 5 minutes, and count is set to 12 retries. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example configures AOS to send certificate requests every 2 minutes, stopping after 50 
retries (if no response is received): 


(ca-profile)#enrollment retry count 50 
(ca-profile)#enrollment retry period 2 
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enrollment terminal 


Use the enrollment terminal command to specify manual (i.e., cut-and-paste) certificate enrollment. Use 
the no form of this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is enabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





This mode is overridden if the enrollment url command specifies the CA to which automatic certificate 
requests are to be sent via simple certificate exchange protocol (SCEP). Issuing an enrollment terminal 
command after using the enrollment url command deletes the URL and forces the unit to use manual 
enrollment. Refer to enrollment url <url> on page 2050 for more information. 


Usage Examples 





The following example configures AOS to accept manual certificate enrollment input: 


(ca-profile)#enrollment terminal 
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enrollment url <ur/> 


Use the enrollment url command to specify the URL of the CA to which AOS should send certificate 
requests. Use the no form of this command to remove a URL. 


Syntax Description 


<url> Specifies the certificate authority’s URL (for example, 
http://10.10.10.1:400/abcdefg/pkiclient.exe). 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





When entering the URL http:// is required, followed by the IP address or DNS name of the CA. If the port 
number is something other than 80, include it after the IP address or DNS name separated with a colon (:). 


The CA may have other necessary information to include in the CGI path before ending with the actual CGI 
program. An example template to follow is http://hostname:port/path/to/program.exe. 


Use the default program pkiclient.exe without specifying it, end the URL with a slash (/). Otherwise, you 
must enter the program name to use. For example, http://10.10.10.1:400/abcdefg/ will assume 
pkiclient.exe as the program (but not including the terminating slash is a configuration error). 


Specifying this command will override the enrollment terminal setting as described previously (refer to 
enrollment terminal on page 2049). 


Usage Examples 





The following example specifies http://CAserver/certsrv/mscep/mscep.dll as the URL to which AOS will 
send certificate requests: 


(ca-profile)#enrollment url hitp://CAserver/certsrv/mscep/mscep.dll 
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fqdn <name> 


Use the fqdn command to specify a fully-qualified domain name (FQDN) to be included in the certificate 
requests. Use the no form of this command to remove an FQDN. 


Syntax Description 


<name> Specifies the FQDN (e.g., company.com) to be included in requests. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Configuring this setting simplifies the crypto ca enroll dialog, allowing you to enter the FQDN only once 
rather than every time you go through the enrollment process. Refer to crypto ca enroll <name> on page 
644. 


Usage Examples 





The following example specifies company.com as the FQDN to be sent in certificate requests: 


(ca-profile)#fqdn company.com 
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ip-address </p address> 


Use the ip-address command to specify an IP address to be included in the certificate requests. Use the no 
form of this command to remove a defined IP address. 


Syntax Description 


<address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Configuring this setting simplifies the crypto ca enroll dialog, allowing you to enter the IP address only 
once rather than every time you go through the enrollment process. Refer to crypto ca enroll <name> on 
page 644. 


Usage Examples 





The following example specifies 66.203.52.193 as the IP address to be sent in certificate requests: 


(ca-profile)#ip-address 66.203.52.193 
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password <password> 
Use the password command to specify the challenge password for simple certificate exchange protocol 


(SCEP). Use the no form of this command to allow CA requests to be sent automatically (using SCEP) 
without requiring a password. 


Syntax Description 





<password> Specifies the SCEP password (up to 80 characters). 


Default Values 





By default, no password is required. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





There are two places for configuring a SCEP password: 


« At the (ca-profile)# prompt. 
« — Ifitis not configured at the (ca-profile)# prompt, you are prompted to enter one when going through the 
certificate enrollment process. 


The password is sent to the CA from which you are requesting a certificate. The CA may then ask for the 
password later before a certificate can be revoked. Refer to crypto ca enroll <name> on page 644. 


Usage Examples 





The following example sets the SCEP challenge password to adtran: 


(ca-profile)}#password adtran 
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serial-number 


Use the serial-number command to specify that a serial number will be included in the certificate request. 
Use the no form of this command to prevent a serial number from being included in the certificate request. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





By default, this command is set to no serial-number, which means that the serial number is not included 
in the certificate requests. 


Usage Examples 





The following example configures AOS to include a serial number in the certificate request: 


(ca-profile)#serial-number 
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subject-name <name> 


Use the subject-name command to specify the subject name used in the certificate request. Use the no 
form of this command to remove a configured subject name. 


Syntax Description 


<name> Specifies a subject name string using up to 256 characters entered in X.500 
LDAP format. 


Default Values 





By default, there is no subject name configured. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





Configuring this setting simplifies the crypto ca enroll dialog, allowing you to enter the subject name only 
once rather than every time you go through the enrollment process. Refer to crypto ca enroll <name> on 
page 644. 


Usage Examples 





The following example assigns a subject name of Adtran-cert to certificate requests: 


(ca-profile)#subject-name Adtran-cert 
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CERTIFICATE CONFIGURATION COMMAND SET 





To activate the Certificate Configuration mode, enter the crypto ca certificate chain command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#crypto ca certificate chain MyProfile 
(config-cert-chain)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


certificate <serial number> on page 2057 
certificate ca <serial number> on page 2058 


crl on page 2059 
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certificate <serial number> 


Use the certificate command to restore a certificate. Use the no form of this command to remove a specific 
certificate from the certificate chain. 


Syntax Description 


<serial number> Specifies the certificate’s serial number (up to 51 characters). This value 
can be found for existing certificates by using the show run command. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The user typically does not enter this command. It is primarily used to restore certificates from the startup 
configuration when the product is powered up. 


Usage Examples 





The following example removes the certificate with the serial number 
73f0bfe5ed8391 a54d1214390a36cee7: 


(config)#crypto ca certificate chain MyProfile 
(config-cert-chain)#no certificate 73f0bfe5ed8391a54d121 4390a36cee7 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2057 


Command Reference Guide Certificate Configuration Command Set 





certificate ca <serial number> 


Use the certificate ca command to restore a CA certificate. Use the no form of this command to remove a 
specific certificate from the certificate chain for a CA. 


Syntax Description 


<serial number> Specifies the certificate’s serial number (up to 51 characters). This value 
can be found for existing certificates by using the show run command. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The user typically does not enter this command. It is primarily used to restore certificates from the startup 
configuration when the product is powered up. 


Usage Examples 





The following example removes the CA certificate with the serial number 0712: 


(config)#crypto ca certificate chain MyProfile 
(config-cert-chain)#no certificate ca 0712 
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crl 


Use the crl command to restore a CRL. Use the no form of this command to remove the CRL for the 
specific CA. 


Syntax Description 


No subcommanas. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The user typically does not enter this command. It is primarily used to restore CRLs from the startup 
configuration when the product is powered up. 


Usage Examples 





The following example removes the CRL for the current CA: 


(config)#crypto ca certificate chain MyProfile 
(config-cert-chain)#no crl 
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CRYPTO Map IKE COMMAND SET 





To activate the Crypto Map IKE mode, enter a valid version of the crypto map ipsec-ike command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#crypto map Map-Name 10 ipsec-ike 
(config-crypto-map)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


antireplay on page 2061 

commit-bit on page 2062 

ike-policy <number> on page 2064 

match address <name> on page 2065 

match track <name> on page 2067 

reverse-route on page 2069 

set peer on page 2071 

set pfs on page 2073 

set security-association lifetime on page 2074 

set security-association idle-time <value> on page 2075 


set transform-set on page 2076 





the AOS Documentation CD provided with your unit. 


Wor For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
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antireplay 


Use the antireplay command to enable anti-replay sequence number checking for all security associations 
created on this crypto map. Use the no form of this command to disable. Variations of this command 
include: 


antireplay 
antireplay <value> 


Syntax Description 





<value> Optional. Specifies the anti-replay window size in bytes. Select from 64,128, 
256, 512, or 1024 bytes. 


Default Values 


By default, the window size is set to 64 bytes. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 


The following example enables anti-replay sequence checking on crypto map VPN 100: 


(config)#crypto map VPN 100 ipsec-ike 
(config-crypto-map)#antireplay 
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commit-bit 
Use the commit-bit command to set the commit-bit in the Internet Security Association and Key 


Management Protocol (ISAKMP) header when sending the second message of quick mode on an IPSec 
tunnel negotiation. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the commit-bit will be used. 


Command History 





Release 12.1 Command was introduced. 


Functional Notes 


As an extra security measure, the commit-bit can be set by the responder of a quick mode negotiation to 
force the initiator to wait for the fourth message of quick mode before bringing up its IPSec security 
associations (SA's). By default, this feature is enabled on all AOS products with VPN capabilities. Some 
vendors, however, may have incorrect implementations of the commit-bit that do not interoperate well with 
AOS products. In that case, the commit-bit should be disabled on all crypto maps that have a peer which 
does not support the commit-bit. 


Usage Example 





The following example disables the use of commit-bit: 
(config-crypto-map)#no commit-bit 
The following example displays a configuration with the commit-bit disabled: 


ip crypto 

l 

crypto ike policy 100 
initiate main 
respond main 
local-id address 10.10.10.1 
peer 192.168.1.1 
attribute 2 
encryption aes-256-cbc 
authentication pre-share 
lifetime 3600 
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crypto ike remote-id address 10.10.10.1 preshared-key adtran ike-policy 100 crypto map VPN 10 
no-mode-config no-xauth 
| 


crypto ipsec transform-set esp-aes-256-cbc-esp-sha-hmac esp-aes-256-cbc esp-sha-hmac mode tunnel 
| 
crypto map VPN 10 ipsec-ike 

description VPN to Main Site 

match address VPN-10-vpn-selectors 

set peer 192.168.1.1 

set transform-set esp-aes-256-cbc-esp-sha-hmac 

set security-association lifetime seconds 3600 

no commit-bit 

ike-policy 100 
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ike-policy <number> 
Use the ike-policy command to ensure that only a specified IKE policy is used to establish the IPSec 


tunnel. This prevents any mobile VPN policies from using IPSec policies that are configured for static 
VPN peer policies. Use the no form of this command to remove a configured policy. 


Syntax Description 





<number> Specifies the policy number of the policy to assign to this crypto map. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example shows a typical crypto map configuration: 


(config)#crypto ike policy 100 

(config)#crypto map VPN 10 ipsec-ike 
(config-crypto-map)#description “Remote Office” 
(config-crypto-map)#match address VPN-10-vpn-selectors 
(config-crypto-map)#set peer 10.22.17.13 
(config-crypto-map)#set transform-set esp-3des-esp-md5-hmac 
(config-crypto-map)#ike-policy 100 
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match address <name> 


Use the match address command to assign an IP access control list to a crypto map definition. The access 
control list designates the IP packets to be encrypted by this crypto map. Use the no form of this command 
to delete an IP access control list. Refer to ip access-list extended <name> on page 673 for more 
information on creating access control lists. 


Syntax Description 





<name> Specifies the name of the access control list you wish to assign to this 
crypto map. 


Default Values 





By default, no IP access control lists are defined. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 


Crypto map entries do not directly contain the selectors used to determine which data to secure. Instead, 
the crypto map entry refers to an access control list. An access control list (ACL) is assigned to the crypto 
map using the match address command. If no ACL is configured for a crypto map, then the entry is 
incomplete and will have no effect on the system. 


The entries of the ACL used in a crypto map should be created with respect to traffic sent by the ADTRAN 
product. The source information must be the local ADTRAN product and the destination must be the peer. 


Only extended access control lists can be used in crypto maps. 


Usage Examples 


The following example shows setting up an ACL (called NewList) and then assigning the new listtoa 
crypto map (called NewMap): 


(config)#ip access-list extended NewList 


Configuring New Extended ACL “NewList” 
(config-ext-nacl)#exit 

(config)#crypto map NewMap 10 ipsec-ike 
(config-crypto-map)#match address NewList 
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Technology Review 





A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types 
of crypto map entries: ipsec-manual and ipsec-ike. Each entry is given an index, which is used to sort the 
ordered list. 


When a nonsecured packet arrives on an interface, the crypto map set associated with that interface is 
processed in order. If a crypto map entry matches the nonsecured traffic, the traffic is discarded. 


When a packet is to be transmitted on an interface, the crypto map set associated with that interface is 
processed in order. The first crypto map entry that matches the packet will be used to secure the packet. If 
a suitable SA exists, that is used for transmission. Otherwise, IKE is used to establish an SA with the peer. 
If no SA exists, and the crypto map entry is “respond only,” the packet is discarded. 


When a secured packet arrives on an interface, its SPI is used to look up an SA. If an SA does not exist, or 
if the packet fails any of the security checks (bad authentication, traffic does not match SA selectors, etc.), 
it is discarded. If all checks pass, the packet is forwarded normally. 
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match track <name> 


Use the match track command to assign a network monitoring track to enable or disable the indicated 
crypto map policy. Use the no form of this command to remove this capability. Refer to track <name> on 
page 947 and Network Monitor Track Configuration Command Set on page 2185 for more information on 
creating and using tracks. 


Syntax Description 





<name> Specifies the name of the network monitoring track to assign to this crypto 
map. 


Default Values 





By default, there are no network monitoring tracks assigned. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 


To increase availability of a network with two Virtual Private Network (VPN) Gateways, a track can be 
assigned to a primary crypto map policy. This track will ensure connectivity to the primary VPN gateway. If 
the track detects connectivity problems on this gateway, the primary crypto map policy is disabled. Network 
traffic is then allowed to flow over the backup VPN gateway using the backup crypto map policy (which 
would have a similar match address Access Control List (ACL) as the primary crypto map policy). Once 
the track detects connectivity with the primary VPN gateway again, it will re-enable the primary crypto map 


policy. 


Network monitoring tracks must be created first with the track command executed from the Global 
Configuration mode command prompt. Once created, further configuration is accomplished through the 
commands available in the Network Monitor Track Configuration Command Set on page 2185. 


Usage Examples 





The following example shows the preliminary steps necessary before assigning a track to a crypto map 
policy, as well as configuring the track to disable the primary VPN gateway if connectivity issues are 
detected: 


Define a probe named primaryping to ping the primary VPN gateway (10.22.156.251): 
(config)#probe primaryping icmp-echo 

config-probe-primaryping)#destination 10.22.156.251 
config-probe-primaryping)#period 10 

config-probe-primaryping)#tolerance consecutive fail 3 
config-probe-primaryping)#no shutdown 
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Create a track named track1 to test the probe defined above: 
(config)#track track1 

(config-track-track1)#test probe primaryping 
(config-track-track1)#no shutdown 

(config-track-track1)#exit 


Configure the crypto map (NewMap) to create a VPN tunnel to the primary VPN gateway (10.22.156.251): 
(config)#crypto map NewMap 10 ipsec-ike 

(config-crypto-map)#description Primary VPN policy 

(config-crypto-map)#match track track1 

(config-crypto-map)#match address VPN-selectors 

(config-crypto-map)#set peer 10.22.156.251 


Configure the crypto map (NewMap) to create a VPN tunnel to the backup VPN gateway (10.22.156.240): 
(config)#crypto map NewMap 20 ipsec-ike 

(config-crypto-map)#description Backup VPN policy 

(config-crypto-map)#match address VPN-selectors 

(config-crypto-map)#set peer 10.22.156.240 
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reverse-route 


Use the reverse-route command to enable Virtual Private Network (VPN) reverse route injection for a 
particular crypto map. Use the no form of the command to disable reverse route injection. Variations of the 
command include the following: 


reverse-route 

reverse-route <number> 
reverse-route <number> tag <value> 
reverse-route tag <va/ue> 


Syntax Description 





<number> Specifies the administrative distance for the static route. Range is 1 to 255. 


tag <value> Optional. Specifies that a tag will be added to the static route in the route 
table. Range from 1 to 65,535. 


Default Values 





By default, reverse routing is disabled. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 





Reverse route injection automatically inserts a static route to a peer’s remote network into the route table 
of a VPN gateway. 


The tags used in reverse route injection allow the routes to be individuated from other static routes. 


Usage Examples 





The following example enables Reverse Route Injection for crypto map MyMap with an administrative 
distance of 20 and a tag value of 10: 


(config)#crypto map MyMap 100 ispec-ike 
(config-crypto-map)#reverse-route 20 tag 10 
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Technology Review 





The Reverse Route Injection allows a Crypto IPSec policy to inject static routes to a remote network into its 
own route table, leaving it to the configuration of routing protocols to propagate the routes within the 
network. Reverse Route Injection serves as a method of updating routing tables when using a backup VPN 
server. In case one VPN is taken down or is unreachable, the VPN peer’s route is removed out of the VPN 
Gateway’s route table and other route tables within the network. 


Administrative Distance is a feature that routers employ in order to select the most reliable path when there 
are two or more routes to the same destination from two different routing protocols. Administrative 
Distance defines the reliability of a routing protocol by assigning a value (the smaller the value the more 
trustworthy the protocol) that is then used by the router to organize routing protocols according to reliability. 
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set peer 


Use the set peer command to set the IP address or host name of the peer device. Use the no form of this 
command to remove a peer device. Variations of this command include: 


set peer hostname <hostname> 
set peer <ip address> 


Syntax Description 





<hostname> Specifies the host name of the peer device expressed in the format 
<host.example.com> (for example, vpn.somecompany.com). 


<ijpp address> Specifies the IP address of the peer device. If this is not configured, it 
implies responder only to any peer. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 


Default Values 


There are no default settings for this command. 


Command History 





Release 4.1 Command was introduced. 
Release 16.1 Command was expanded to include hostname parameters. 


Functional Notes 





If no peer IP address or host name is configured, the entry will only be used to respond to IPSec requests; 
it cannot initiate the requests (since it doesn't know which IP address to send the packet to). When a peer 
IP address is configured, the crypto map entry can be used to both initiate and respond to SAs. The peer 
address or host name is not checked when a tunnel is initiated from a remote unit; this address only serves 
as the VPN peer to initiate a tunnel to. 


The peer IP address is the public IP address of the device which will terminate the IPSec tunnel. If the peer 
IP address is not static, or the peer’s address cannot be attained through the DNS host name, the 
ADTRAN product cannot initiate the VPN tunnel. There are many Dynamic DNS services which can serve 
DNS for hosts which are dynamically addressed. By setting no peer IP address, the ADTRAN product can 
respond to an IPSec tunnel request. 


Only one peer IP address or host name can be set. 


When using DNS host names for peer IP addresses the crypto map is not able to initiate a tunnel until the 
DNS host name resolves. This DNS host name is checked every 10 minutes. 
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Usage Examples 





The following example sets the peer IP address of 10.100.23.64: 
(config-crypto-map)#set peer 10.100.23.64 


The following example sets the peer host name to vpn.examplehost.com: 


(config-crypto-map)#set peer hostname vpn.examplehost.com 
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set pfs 


Use the set pfs command to choose the type of perfect forward secrecy (PFS), if any, that will be required 
during IPSec negotiation of security associations for this crypto map. Use the no form of this command to 
require no PFS. Variations of this command include: 


set pfs group1 
set pfs group2 
set pfs group5 


Syntax Description 





group1 Requires IPSec to use Diffie-Hellman Group 1 (768-bit modulus) exchange 
during IPSec SA key generation. 


group2 Requires IPSec to use Diffie-Hellman Group 2 (1024-bit modulus) 
exchange during IPSec SA key generation. 


group5 Requires IPSec to use Diffie-Hellman Group 5 (1536-bit modulus) 
exchange during IPSec SA key generation. 


Default Values 
By default, no PFS will be used during IPSec SA key generation. 


Command History 





Release 4.1 Command was introduced. 
Release 15.1 Command was expanded to include group5. 


Functional Notes 





If left at the default setting, no PFS will be used during IPSec SA key generation. If PFS is specified, then 
the specified Diffie-Hellman Group exchange will be used for the initial and all subsequent key generation, 
thus providing no data linkage between prior keys and future keys. 


Usage Examples 





The following example specifies use of the Diffie-Hellman Group 1 exchange during IPSec SA key 
generation: 


(config-crypto-map)#set pfs group1 
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set security-association lifetime 


Use the set security-association lifetime command to define the lifetime (in kilobytes and/or seconds) of 
the IPSec SAs created by this crypto map. Use the no form of this command to return to the default 
settings. Variations of this command include: 


set security-association lifetime kilobytes <va/ue> 
set security-association lifetime seconds <value> 


Syntax Description 





kilobytes <value> Specifies the SA lifetime limit in kilobytes. 
seconds <value> Specifies the SA lifetime limit in seconds. 


Default Values 





By default, the security-association lifetime is set to 28,800 seconds and there is no default for the 
kilobytes lifetime. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





Values can be entered for this command in both kilobytes and seconds. Whichever limit is reached first will 
end the security association. 


Usage Examples 





The following example sets the SA lifetime to 300 kilobytes and 2 hours (7200 seconds): 


(config-crypto-map)#set security-association lifetime kilobytes 300 
(config-crypto-map)#set security-association lifetime seconds 7200 
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set security-association idle-time <va/ue> 


Use the set security-association idle-time command to set the receive idle timeout in seconds. This is the 
maximum amount of time for which the current virtual private network (VPN) peer can be idle. Once the 
timeout has occurred, the VPN tunnel will be brought down. Use the no form of this command to disable 
the timeout feature. 


Syntax Description 





<value> Specifies the idle timeout in seconds. Valid range is 1 to 4,294,967,294. 


Default Values 





By default, the idle timeout is not defined. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example sets the receive idle timeout to 60 seconds: 


(config-crypto-map)#set security-association idle-time 60 
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set transform-set 


Use the set transform-set command to assign up to six transform sets to a crypto map. Use the no form of 
this command to return to the default setting. Refer to crypto ipsec transform-set <name> <parameters> 
on page 655 for information on defining transform sets. Variations of this command include: 


set transform-set <name> 

set transform-set <name> <name> 

set transform-set <name> <name> <name> 

set transform-set <name> <name> <name> <name> 

set transform-set <name> <name> <name> <name> <name> 

set transform-set <name> <name> <name> <name> <name> <name> 


Syntax Description 





<name> Assigns up to six transform sets to this crypto map by listing the set names, 
separated by a space. 


Default Values 





By default, there is no transform set assigned to the crypto map. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 


Crypto map entries do not directly contain the transform configuration for securing data. Instead, the crypto 
map is associated with transform sets which contain specific security algorithms (refer to crypto ipsec 
transform-set <name> <parameters> on page 655). 


If no transform set is configured for a crypto map, then the entry is incomplete and will have no effect on 
the system. 


Usage Examples 





The following example first creates a transform set (Set1) consisting of two security algorithms (up to three 
may be defined), and then assigns the transform set to a crypto map (Map1): 


config)#crypto ipsec transform-set Set1 esp-3des esp-sha-hmac 
cfg-crypto-trans)#exit 

config)#crypto map Map1 1 ipsec-ike 

config-crypto-map)#set transform-set Set1 


el tl eae 
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CRYPTO MAP MANUAL COMMAND SET 





To activate the Crypto Map Manual mode, enter a valid version of the crypto map ipsec-manual 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#crypto map Map-Name 10 ipsec-manual 
(config-crypto-map)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


description <text> on page 48 
cross-connect on page 45 

do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


antireplay on page 2078 

ike-policy <number> on page 2079 
match address <name> on page 2080 
set peer <ip address> on page 2082 
set session-key on page 2083 


set transform-set <name> on page 2087 


the AOS Documentation CD provided with your unit. 


Woe For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
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antireplay 


Use the antireplay command to enable anti-replay sequence number checking for all security associations 
created on this crypto map. Use the no form of this command to disable. Variations of this command 
include: 


antireplay 
antireplay <value> 


Syntax Description 





<value> Optional. Specifies the anti-replay window size in bytes. Select from 64,128, 
256, 512, or 1024 bytes. 


Default Values 


By default, the window size is set to 64 bytes 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 


The following example enables anti-replay sequence checking on crypto map VPN 100: 


(config)#crypto map VPN 100 ipsec-manual 
(config-crypto-map)#antireplay 
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ike-policy <number> 
Use the ike-policy command to ensure that only a specified IKE policy is used to establish the IPSec 


tunnel. This prevents any mobile VPN policies from using IPSec policies that are configured for static 
VPN peer policies. Use the no form of this command to remove an configured IKE policy. 


Syntax Description 





<number> Specifies the policy number of the policy to assign to this crypto map. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Usage Examples 





The following example shows a typical crypto map configuration: 


(config)#crypto ike policy 100 

(config)#crypto map VPN 10 ipsec-manual 
(config-crypto-map)#description “Remote Office” 
(config-crypto-map)#match address VPN-10-vpn-selectors 
(config-crypto-map)#set peer 10.22.17.13 
(config-crypto-map)#set transform-set esp-3des-esp-md5-hmac 
(config-crypto-map)#ike-policy 100 
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match address <name> 


Use the match address command to assign an IP access control list to a crypto map definition. The access 
control list designates the IP packets to be encrypted by this crypto map. Use the no form of this command 
to remove a defined IP access control list. Refer to ip access-list extended <name> on page 673 for more 
information on creating access control lists. 


Syntax Description 





<name> Specifies the name of the access control list you wish to assign to this 
crypto map. 


Default Values 





By default, no IP access control lists are defined. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 


Crypto map entries do not directly contain the selectors used to determine which data to secure. Instead, 

the crypto map entry refers to an access control list. An access control list (ACL) is assigned to the crypto 
map using the match address command (refer to crypto map on page 656) with the NetVanta 2000 and 

3000 Series units. If no ACL is configured for a crypto map, then the entry is incomplete and will have no 

effect on the system. 


The entries of the ACL used in a crypto map should be created with respect to traffic sent by the ADTRAN 
product. The source information must be the local ADTRAN product, and the destination must be the peer. 


Only extended access control lists can be used in crypto maps. 


Usage Examples 





The following example shows setting up an access control list (called NewList) and then assigning the 
new list to a crypto map (called NewMap): 


(config)#ip access-list extended NewList 
Configuring New Extended ACL "NewList" 
(config-ext-nacl)#exit 


(config)#crypto map NewMap 10 ipsec-manual 
(config-crypto-map)#match address NewList 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2080 


Command Reference Guide Crypto Map Manual Command Set 





Technology Review 





A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types 
of crypto map entries: ipsec-manual and ipsec-ike. Each entry is given an index, which is used to sort the 
ordered list. 


When a nonsecured packet arrives on an interface, the crypto map set associated with that interface is 
processed in order. If a crypto map entry matches the nonsecured traffic, the traffic is discarded. 


When a packet is to be transmitted on an interface, the crypto map set associated with that interface is 
processed in order. The first crypto map entry that matches the packet will be used to secure the packet. If 
a suitable SA exists, that is used for transmission. Otherwise, IKE is used to establish an SA with the peer. 
If no SA exists, and the crypto map entry is “respond only,” the packet is discarded. 


When a secured packet arrives on an interface, its SPI is used to look up an SA. If an SA does not exist, or 
if the packet fails any of the security checks (bad authentication, traffic does not match SA selectors, etc.), 
it is discarded. If all checks pass, the packet is forwarded normally. 
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set peer </p address> 


Use the set peer command to set the IP address of the peer device. Use the no form of this command to 
remove a peer device. 


Syntax Description 


<ijpp address> Specifies the IP address of the peer device. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





There are no default settings for this command. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





If no peer IP address is configured, the manual crypto map is not valid and not complete. A peer IP 
address is required for manual crypto maps. To change the peer IP address, the no set peer command 
must be issued first; then the new peer IP address can be configured. 


Usage Examples 





The following example sets the peer IP address of 10.100.23.64: 
(config-crypto-map)#set peer 10.100.23.64 
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set session-key 


Use the set session-key command to define the encryption and authentication keys for this crypto map. 
Use the no form of this command to remove defined encryption and authentications keys. Variations of 
this command include the following: 


set session-key inbound ah <SP/> <key> 

set session-key inbound esp <SP/> authenticator <key> 

set session-key inbound esp <SP/> cipher <key> 

set session-key inbound esp <SP/> cipher <key> authenticator <key> 
set session-key outbound ah <SP/> <key> 

set session-key outbound esp <SP/> authenticator <key> 

set session-key outbound esp <SP/> cipher <key> 

set session-key outbound esp <SP/> cipher <key> authenticator <key> 


Syntax Description 


inbound Defines encryption keys for inbound traffic. 

outbound Defines encryption keys for outbound traffic. 

ah <SPI> Specifies authentication header protocol and security parameter index 
(SPI). 

esp <SPI> Specifies encapsulating security payload protocol and SPI. 

cipher <key> Specifies encryption/decryption key. 

authenticator <key> Specifies authentication key. 


Default Values 


There are no default settings for this command. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





The inbound local security parameter index (SPI) must equal the outbound remote SPI. The outbound 
local SPI must equal the inbound remote SPI. The key values are the hexadecimal representations of the 
keys. They are not true ASCII strings. Therefore, a key of 3031323334353637 represents 01234567. 
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Refer to the following list for key length requirements. 


Algorithm: Minimum key length required: 

DES 64-bits in length; 8 hexadecimal bytes 
3DES 192-bits in length; 24 hexadecimal bytes 
AES-128-CBC 128-bits in length; 16 hexadecimal bytes 
AES-192-CBC 192-bits in length; 24 hexadecimal bytes 
AES-256-CBC 256-bits in length; 32 hexadecimal bytes 
MD5 128-bits in length; 16 hexadecimal bytes 
SHA1 160-bits in length; 20 hexadecimal bytes 


Technology Review 





The following example configures an AOS product for VPN using IPSec manual keys. This example 
assumes that the AOS product has been configured with a WAN IP Address of 63.97.45.57 on interface 
ppp 1 and a LAN IP Address of 10.10.10.254 on interface ethernet 0/1. The Peer Private IP Subnet is 
10.10.20.0. 


For more detailed information on VPN configuration, refer to the VPN Configuration Guide located on the 
AOS Documentation CD provided with your unit. 


Step 1: 
Enter the Global Configuration mode (i.e., config terminal mode). 


>enable 
#configure terminal 


Step 2: 
Enable VPN support using the ip crypto command. This command allows crypto maps to be applied to 
interfaces, and enables the IKE server to listen for IKE negotiation sessions on UDP port 500. 


(config)#ip crypto 


Step 3: 

Define the transform set. A transform set defines the encryption and/or authentication algorithms to be 
used to secure the data transmitted over the VPN tunnel. Multiple transform sets may be defined in a 
system. Once a transform set is defined, many different crypto maps within the system can reference it. In 
this example, a transform set named highly_secure has been created. This transform set defines ESP 
with authentication implemented using 3DES encryption and SHA1 authentication. 


(config)#crypto ipsec transform-set highly_secure esp-3des esp-sha-hmac 
(cfg-crypto-trans)#mode tunnel 
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Step 4: 

Define an IP access control list. An Extended Access Control List is used to specify which traffic needs to 
be sent securely over the VPN tunnel. The entries in the list are defined with respect to the local system. 

The source IP address will be the source of the traffic to be encrypted. The destination IP address will be 
the receiver of the data on the other side of the VPN tunnel. 


(config)#ip access-list extended corporate_traffic 
(config-ext-nacl)#permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log 
deny ip any any 


Step 5: 

Create crypto map and define manual keys. A crypto map is used to define a set of encryption schemes to 
be used for a given interface. A crypto map entry has a unique index within the crypto map set. The crypto 
map entry will specify whether IKE is used to generate encryption keys or if manually specified keys will be 
used. The crypto map entry will also specify who will be terminating the VPN tunnel, as well as which 
transform set or sets will be used to encrypt and/or authenticate the traffic on that VPN tunnel. It also 
specifies the lifetime of all created IPSec security associations. 


The keys for the algorithms defined in the transform set associated with the crypto map will be defined by 
using the set session-key command. A separate key is needed for both inbound and outbound traffic. The 
key format consists of a string of hexadecimal values without the leading Ox for each character. For 
example, a cipher key of this is my cipher key would be entered as: 


74686973206973206D7920636970686572206B6579. 


A unique Security Parameter Index (SPI) is needed for both inbound and outbound traffic. The local 
system's inbound SPI and keys will be the peer's outbound SPI and keys. The local system's outbound SPI 
and keys will be the peer's inbound SPI and keys. In this example the following keys and SPls are used: 


Inbound cipher SPI: 300 Inbound cipher key: "2te$#g89jnr(j!@4rvnfhg5e" 
Outbound cipher SPI: 400 Outbound cipher key:  "8564hgjelrign*&(gnb#1$d3" 
Inbound authenticator key:"r5%*ughembkdhj34$x.<" 


Outbound authenticator key:"io78*7gner#4(mgnsd!3" 


(config)#crypto map corporate_vpn 1 ipsec-ike 

(config-crypto-map)#match address corporate_traffic 

(config-crypto-map)#set peer 63.105.15.129 

(config-crypto-map)#set transform-set highly_secure 

(config-crypto-map)#set session-key inbound esp 300 cipher 
32746524236738396A6E72286A21403472766E6668673565 authenticator 
7235255E756768656D626B64686A333424782E3C 

(config-crypto-map)#set session-key outbound esp 400 cipher 
3835363468676A656C7269676E2A2628676E622331 246433 authenticator 
696F37382A37676E65722334286D676E73642133 
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Step 6: 

Configure public interface. This process includes configuring the IP address for the interface and applying 
the appropriate crypto map to the interface. Crypto maps are applied to the interface on which encrypted 
traffic will be transmitted. 


config)#interface ppp 1 

config-ppp 1)#ip address 63.97.45.57 255.255.255.248 
config-ppp 1)#crypto map corporate_vpn 

config-ppp 1)#no shutdown 


aN aN 


Step 7: 
Configure private interface to allow all traffic destined for the VPN tunnel to be routed to the appropriate 
gateway. 


(config)#interface ethernet 0/1 

(config-eth 0/1)#ip address 10.10.10.254 255.255.255.0 
(config-eth 0/1)#no shutdown 

(config-eth 0/1)#exit 
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set transform-set <name> 
Use the set transform-set command to assign a transform set to a crypto map. Use the no form of this 


command to remove assigned transform sets. Refer to crypto ipsec transform-set <name> <parameters> 
on page 655 for information on defining transform sets. 


Syntax Description 





<name> Assigns a transform set to this crypto map by entering the set name. 


Default Values 





By default, no transform set is assigned to the crypto map. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





Crypto map entries do not directly contain the transform configuration for securing data. Instead, the crypto 
map is associated with transform sets which contain specific security algorithms (refer to crypto ipsec 
transform-set <name> <parameters> on page 655). 


If no transform set is configured for a crypto map, then the entry is incomplete and will have no effect on 
the system. For manual key crypto maps, only one transform set can be specified. 
Usage Examples 


The following example first creates a transform set (Set1) consisting of two security algorithms (up to three 
may be defined), and then assigns the transform set to a crypto map (Map1): 


(config)#crypto ipsec transform-set Set1 esp-3des esp-sha-hmac 
(cfg-crypto-trans)#exit 


(config)#crypto map Map1 1 ipsec-manual 
(config-crypto-map)#set transform-set Set1 
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IKE CLIENT COMMAND SET 





To activate the IKE Client mode, enter the crypto ike client command at the Global Configuration mode 
prompt. For example: 


>enable 

#configure terminal 

(config)#crypto ike client configuration pool ConfigPool1 
(config-ike-client-pool)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


dns-server on page 2089 
ip-range <start ip address> <end ip address> on page 2090 


netbios-name-server <ip address> <secondary> on page 2091 





For VPN configuration example scripts, refer to the VPN Configuration Guide located on 
‘wore the AOS Documentation CD provided with your unit. 
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dns-server 


Use the dns-server command to specify the default primary and secondary Domain Name System (DNS) 
servers to use for the Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this 
command to remove the configured DNS server. Variations of this command include: 


dns-server <ip address> 
dns-server <ip address> <secondary> 


Syntax Description 





<ijp address> Specifies the IP address of the preferred DNS server on the network. 
<secondary> Optional. Specifies the IP address of the second preferred DNS server on 
the network. 
IP addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, there are no specified default DNS servers. 


Command History 





Release 2.1 Command was introduced. 
Release 4.1 Command was expanded to include the IKE client configuration pool. 


Usage Examples 





The following example specifies a default DNS server with address 192.72.3.254 and a secondary DNS 
server with address 192.100.4.253: 


(config)#crypto ike client configuration pool ConfigPool1 
(config-ike-client-pool)#dns-server 192.72.3.254 192.100.4.253 
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ip-range <start ip address> <end ip address> 


Use the ip-range command to specify the range of addresses from which the router draws when assigning 
an IP address to a client. Use the no form of this command to remove defined IP ranges. 


Syntax Description 
<start ip address> Specifies the first IP address in the range for this pool. 
<end ip address> Specifies the last IP address in the range for this pool. 


IP addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, no IP address range is defined. 


Command History 





Release 4.1 Command was introduced. 


Usage Examples 
The following example defines an IP address range for this configuration pool: 


(config)#crypto ike client configuration pool ConfigPool1 
(config-ike-client-pool)#ip-range 172.1.1.1 172.1.1.25 
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netbios-name-server <ip address> <secondary> 


Use the netbios-name-server command to specify the NetBIOS Windows Internet Naming Service 
(WINS) name servers to assign to a client. Use the no form of this command to remove assigned name 
servers. Variations of this command include: 


netbios-name-server <i/p address> 
netbios-name-server </p address> <secondary> 


Syntax Description 





<ijp address> Specifies the primary WINs server IP address to assign. 
<secondary> Optional. Specifies the secondary WINs server IP address to assign. 


Default Values 





By default, no WINs server address is defined. 


Command History 





Release 4.1 Command was introduced. 


Usage Examples 





The following example defines two WINs server addresses for this configuration pool: 


(config)#crypto ike client configuration pool ConfigPool1 
(config-ike-client-pool)#netbios-name-server 172.1.17.1 172.1.17.25 
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IKE PoLicy ATTRIBUTES COMMAND SET 


To activate the IKE Policy Attributes mode, enter the attribute command at the IKE Policy prompt. For 
example: 


>enable 

#configure terminal 
(config)#crypto ike policy 1 
(config-ike)#attribute 10 
(config-ike-attribute)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


authentication on page 2093 
encryption on page 2094 
group on page 2095 

hash on page 2096 

lifetime <value> on page 2097 





Wor For VPN configuration example scripts, refer to the VPN Configuration Guide located on 


the AOS Documentation CD provided with your unit. 
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authentication 


Use the authentication command to configure this IKE policy’s use of pre-shared secrets and signed 
certificates during IKE negotiation. Use the no form of this command to disable this feature. Variations of 
this command include: 


authentication dss-sig 
authentication pre-share 
authentication rsa-sig 


Syntax Description 





dss-sig Specifies to use DSS-signed certificates during IKE negotiation to validate 
the peer. 

pre-share Specifies the use of pre-shared secrets during IKE negotiation to validate 
the peer. 

rsa-sig Specifies to use RSA-signed certificates during IKE negotiation to validate 
the peer. 


Default Values 


By default, authentication is set to pre-share. 


Command History 





Release 4.1 Command was introduced. 
Release 5.1 Command was expanded to include signed certificates. 


Functional Notes 





Both sides must share the same pre-shared secret in order for the negotiation to be successful. 


Usage Examples 





The following example enables preshared secrets for this IKE policy: 


(config-ike)#attribute 10 
(config-ike-attribute)#authentication pre-share 
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encryption 


Use the encryption command to specify which encryption algorithm this IKE policy will use to transmit 


data over the IKE-generated SA. Use the no form of this command to return to the default value. 
Variations of this command include: 


encryption aes-128-cbc 
encryption aes-192-cbc 
encryption aes-256-cbc 
encryption des 
encryption 3des 


Syntax Description 





aes-128-cbc Specifies the AES-128-CBC encryption algorithm. 
aes-192-cbc Specifies the AES-192-CBC encryption algorithm. 
aes-256-cbc Specifies the AES-256-CBC encryption algorithm. 
des Specifies the DES encryption algorithm. 

3des Specifies the 3DES encryption algorithm. 


Default Values 





By default, encryption is set to DES. 


Command History 





Release 4.1 Command was introduced. 


Usage Examples 





The following example selects 3DES as the encryption algorithm for this IKE policy: 


(config-ike)#attribute 10 
(config-ike-attribute)#encryption 3des 
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group 


Use the group command to specify the Diffie-Hellman Group (1,2, or 5) to be used by this IKE policy to 
generate the keys (which are then used to create the IPSec SA). Use the no form of this command to return 
to the default setting. Variations of this command include: 


group 1 


group 2 
group 5 


Syntax Description 





1 Requires the IKE policy to use Diffie-Hellman Group 1 (768-bit modulus) 
exchange during IPSec SA key generation. 


2 Requires the IKE policy to use Diffie-Hellman Group 2 (1024-bit modulus) 
exchange during IPSec SA key generation. 


5 Requires the IKE policy to use Diffie-Hellman Group 5 (1536-bit modulus) 
exchange during IPSec SA key generation. 


Default Values 


By default, group is set to 1. 


Command History 





Release 4.1 Command was introduced. 
Release 15.1 Command was expanded to include Group 5. 


Functional Notes 





The local IKE policy and the peer IKE policy must have matching group settings in order for negotiation to 
be successful. 


Usage Examples 





The following example sets this IKE policy to use Diffie-Hellman Group 2: 


(config-ike)#attribute 10 
(config-ike-attribute)#group 2 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2095 


Command Reference Guide 


IKE Policy Attributes Command Set 





hash 


Use the hash command to specify the hash algorithm to be used to authenticate the data transmitted over 
the IKE SA. Use the no form of this command to return to the default setting. Variations of this command 


include: 


hash md5 
hash sha 


Syntax Description 





md5 Choose the MD5 hash algorithm. 
sha Choose the SHA hash algorithm. 


Default Values 





By default, hash is set to sha. 


Command History 





Release 4.1 Command was introduced. 


Usage Examples 





The following example specifies md5 as the hash algorithm: 


(config-ike)#attribute 10 
(config-ike-attribute)#hash md5 
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lifetime <value> 


Use the lifetime command to specify how long an IKE SA is valid before expiring. Use the no form of this 
command to return to the default setting. 


Syntax Description 


<value> Specify how many seconds an IKE SA will last before expiring. The valid 
range is 60 to 1,209,600 


Default Values 





By default, lifetime is set to 28,800 seconds. 


Command History 





Release 4.1 Command was introduced. 


Usage Examples 





The following example sets a lifetime of two hours: 


(config-ike)#attribute 10 
(config-ike-attribute)#lifetime 7200 
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IKE POLICY COMMAND SET 





To activate the IKE Policy mode, enter the crypto ike policy command at the Global Configuration mode 
prompt. For example: 


>enable 

#configure terminal 
(config)#crypto ike policy 1 
(config-ike)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


attribute <number> on page 2099 

client authentication host on page 2100 

client authentication host xauth-type on page 2101 
client authentication server list <name> on page 2102 
client configuration pool <name> on page 2103 
initiate on page 2104 

local-id on page 2105 

nat-traversal on page 2107 

peer on page 2108 

respond on page 2110 





Wor For VPN configuration example scripts, refer to the VPN Configuration Guide located on 


the AOS Documentation CD provided with your unit. 
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attribute <number> 


Use the attribute command to define attributes for the associated IKE policy. Multiple attributes can be 
created for a single IKE policy. Once you enter this command, you are in the IKE Policy Attribute mode. 
Refer to IKE Policy Attributes Command Set on page 2092 for more information. Use the no form of this 
command to remove a defined attribute. 


Syntax Description 





<number> Assigns a number (range: 1 to 65,535) to the attribute policy. The number is 
the attribute's priority number and specifies the order in which the resulting 
VPN proposals get sent to the far end. 
This command takes you to the (config-ike-attrioute)# prompt. From here, 
you can configure the settings for the attribute as outlined in the section IKE 
Policy Attributes Command Set on page 2092. 


Default Values 





By default, no attribute is defined. 


Command History 


Release 4.1 Command was introduced. 


Functional Notes 





Multiple attributes on an IKE policy are ordered by number (with the lowest number representing the 
highest priority). 


Usage Examples 





The following example defines a policy attribute (10) and takes you into the IKE Policy Attributes: 


(config-ike)#attribute 10 
(config-ike-attribute)# 
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client authentication host 


Use the client authentication host command to enable the unit to act as an Xauth host when this IKE 
policy is negotiated with a peer. Use the no form of this command to disable this feature. Variations of this 
command include the following: 


client authentication host username <username> 
client authentication host username <username> password <password> 
client authentication host username <username> password <password> passphrase <phrase> 


Syntax Description 





password <password> Specifies the value sent via Xauth as the password. 
username <username> Specifies the value sent via Xauth as the username. 
passphrase <phrase> Optional. Specifies the value sent via Xauth as the passphrase. This is only 


used with authentication type OTP (one time password). 


Default Values 





By default, if this command is not present in the IKE policy the unit does not act as an Xauth host. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





The specified credentials are programmed into the unit and there is no prompt for entering values 
real-time. Therefore, schemes requiring real-time input or additional responses (e.g., SecurelD) are not 
supported. The client authentication host command and the client authentication server commands 
are mutually exclusive. Refer to client authentication server list <name> on page 2102 for more 
information. 


Usage Examples 





The following example specifies the login credentials to be sent: 


(config-ike)#client authentication host username jsmith password password1 passphrase phrase 
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client authentication host xauth-type 


Use the client authentication host xauth-type command to allow the user to specify the Xauth 
authentication type if a type other than generic is desired. Use the no form of this command to return to the 
default setting. Variations of this command include: 


client authentication host xauth-type generic 
client authentication host xauth-type otp 
client authentication host xauth-type radius 


Syntax Description 





generic Specifies generic authentication type. 
otp Specifies OTP authentication type. 
radius Specifies RADIUS authentication type. 


Default Values 





By default, authentication is set to generic. 


Command History 


Release 5.1 Command was introduced. 


Functional Notes 





This command is used along with the client authentication host username. Refer to client configuration 
pool <name> on page 2103 for more information. When acting as an Xauth host, this command allows the 
user to specify the Xauth authentication type if a type other than generic is desired. 


Usage Examples 





The following example sets the Xauth type to radius: 


(config-ike)#client authentication host xauth-type radius 
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client authentication server list <name> 


Use the client authentication server list command to enable the unit to act as an Xauth server (edge 
device). Use the no form of this command to disable this feature. 


Syntax Description 


<name> Specifies the named list created with the aaa authentication login 
command. 


Default Values 





By default, the router does not act as an Xauth server and extended authentication is not performed. 


Command History 





Release 5.1 Command was introduced. 


Functional Notes 





When this IKE policy is negotiated and the peer has indicated Xauth via the IKE authentication method 
and/or the Xauth vendor ID, this command allows the unit to perform as an Xauth server (edge device). 
The specified AAA login method is used to identify the location of the user authentication database. The 
client authentication host and the client authentication server commands are mutually exclusive. 
Refer to client configuration pool <name> on page 2103 for more information. 


Usage Examples 





The following example enables Xauth as an Xauth server and specifies which AAA method list to use in 
locating the user database: 


(config-ike)#client authentication server list clientusers 
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client configuration pool <name> 


Use the client configuration pool command to configure AOS to perform as mode-config server (edge 
device) when an IKE policy is negotiated. Use the no form of this command to return to the default setting. 
Variations of this command include the following: 


client configuration pool <name> 

client configuration pool <name> initiate 

client configuration pool <name> initiate respond 
client configuration pool <name> respond 

client configuration pool <name> respond initiate 


Syntax Description 





<name> Specifies the pool from which to obtain parameters to assign to the client. 
initiate Enables set/ack (push) mode. 
respond Enables request/response mode. 


Default Values 


By default, if this command is not present in the IKE policy, the ADTRAN device allocates mode-config IP 
addresses, DNS server addresses, and NetBIOS name server addresses, and mode-config is not 
performed. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





This command ties an existing client configuration pool to an IKE policy. 


By using the initiate and respond commands, you can configure the IKE policy to initiate and respond, 
initiate only, or respond only. It is an error if you have both initiate and respond disabled. 


Usage Examples 





The following example ties the ConfigPool1 configuration pool to this IKE policy: 


(config-ike)#client configuration pool ConfigPool1 
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initiate 


Use the initiate command to allow the IKE policy to initiate negotiation (in main mode or aggressive 
mode) with peers. Use the no form of this command to allow the policy to respond only. Variations of this 
command include: 


initiate aggressive 
initiate main 


Syntax Description 





aggressive Specifies to initiate using aggressive mode. Aggressive mode can be used 
when one end of the VPN tunnel has a dynamically assigned address. The 
side with the dynamic address must be the initiator of the traffic and tunnel. 
The side with the static address must be the responder. 

main Specifies to initiate using main mode. Main mode requires that each end of 
the VPN tunnel has a static WAN IP address. Main mode is more secure 
than aggressive mode because more of the main mode negotiations are 
encrypted. 


Default Values 





By default, the main initiation mode is enabled. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





By using the initiate and respond commands, you can configure the IKE policy to initiate and respond, 
initiate only, or respond only. It is an error if you have both initiate and respond disabled. 


Usage Examples 





The following example enables the AOS device to initiate IKE negotiation in main mode: 


(config-ike)#initiate main 
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local-id 


Use the local-id command to set the local ID for the IKE policy. This setting overrides the system local ID 
setting (set in the Global Configuration mode using the crypto ike local-id address command). Use the no 
form of this command to remove a local ID. Variations of this command include: 


local-id address <ip address> 
local-id asn1-dn <name> 
local-id fqdn <name> 
local-id user-fqdn <name> 


Syntax Description 





address <ip address> Specifies a remote IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 

asni-dn <name> Specifies an Abstract Syntax Notation Distinguished Name as the remote ID 
(enter this value in LDAP format). 

fqdn <name> Specifies a fully qualified domain name (e.g., adtran.com) as the remote ID. 

user-fqdn <name> Specifies a user fully qualified domain name or email address (e.g., 


user1@adtran.com) as the remote ID. 


Default Values 


By default, the local ID is not defined. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





The local ID for a particular IKE policy can be set in two ways. The first (default) method is done in the 
Global Configuration mode: 


(config)#crypto ike local-id address 


This command, which by default is executed on start-up, makes the local ID of an IKE policy equal to the 
IPv4 address of the interface on which an IKE negotiation is occurring. This is particularly useful for 
products that could have multiple public interfaces. 


The second method is to use the IKE policy command: 


(config-ike)#local-id [address | fqdn | user-fqdn] </p address or name> 
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This policy-specific command allows you to manually set the local ID for an IKE policy on a per-policy 
basis. You can use both methods simultaneously in the product. Several IKE policies can be created, some 
of which use the default system setting of the |Pv4 address of the public interface. Others can be set to 
override this system setting and manually configure a local ID specific to those policies. When a new IKE 
policy is created, they default to no local-id. This allows the system local ID setting to be applied to the 


policy. 


Usage Examples 





The following example sets the local ID of this IKE policy to the IPv4 address 63.97.45.57: 
(config-ike)#local-id address 63.97.45.57 
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nat-traversal 


Use the nat-traversal command to allow, force, or disable NAT traversal version 1 and 2 on a specific Ike 
policy. Use the no form of these commands to disable these features. Variations of this command include: 


nat-traversal v1 allow 
nat-traversal v1 disable 
nat-traversal v1 force 
nat-traversal v2 allow 
nat-traversal v2 disable 
nat-traversal v2 force 


Syntax Description 





v1 Specifies NAT traversal version 1. 

v2 Specifies NAT traversal version 2. 

allow Sets the IKE policy to allow the specified NAT traversal version. 
disable Sets the IKE policy to disable the specified NAT traversal version. 
force Sets the IKE policy to force the specified NAT traversal version. 


Default Values 





The defaults for this command are nat-traversal v1 allow and nat-traversal v2 allow. 


Command History 





Release 7.1 Command was introduced. 


Usage Examples 





The following example disables version 2 on Ike policy 1: 


(config)#crypto ike policy 1 
(config-ike)#nat-traversal v2 disable 
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peer 


Use the peer command to enter the IP address of the peer device. Repeat this command for multiple peers. 
Use the any keyword if you want to set up a policy that will initiate or respond to any peer. Use the no 
form of this command to remove a peer device. Variations of this command include: 


peer <ip address> 
peer any 


Syntax Description 





<ijp address> Specifies a peer IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


any Allows any peer to connect to this IKE policy. 


Default Values 





There are no default settings for this command. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





An IKE policy is incomplete unless one of the peer commands is specified. Only one IKE policy can be 
configured with peer any. 


Usage Examples 





The following example sets multiple peers on an IKE policy for an initiate-and-respond policy using 
pre-shared secret, DES, MD5, and Diffie-Hellman Group 1: 


config)#crypto ike policy 100 
config-ike)#peer 63.97.45.57 
config-ike)#peer 63.105.15.129 
config-ike)#peer 192.168.1.3 
config-ike)#respond anymode 
config-ike)#initiate main 


aon as8N ae 


The following example sets up a policy allowing any peer to initiate using preshared secret, DES, MD5, 
and Diffie-Hellman Group 1. 


config)#crypto ike policy 100 
config-ike)#peer any 
config-ike)#respond anymode 
config-ike)#initiate main 


aon NN 
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Technology Review 





IKE policies must have a peer address associated with them to allow certain peers to negotiate with the 
ADTRAN product. This is a problem when you have “roaming” users (those who obtain their IP address 
using DHCP or some other dynamic means). To allow for “roaming” users, the IKE policy can be set up 
with peer any to allow any peer to negotiate with the ADTRAN product. There can only be one peer any 
policy in the running configuration. 
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respond 


Use the respond command to allow the IKE policy to respond to negotiations by a peer. Use the no form 
of this command to allow the policy to only initiate negotiations. Variations of this command include: 


respond aggressive 
respond anymode 
respond main 


Syntax Description 





aggressive Specifies to respond only to aggressive mode. 
anymode Specifies to respond to any mode. 
main Specifies to respond only to main mode. 


Default Values 





By default, respond to any mode is enabled. 


Command History 





Release 4.1 Command was introduced. 


Functional Notes 





By using the initiate and respond commands, you can configure the IKE policy to initiate and respond, 
initiate only, or respond only. It is an error if you have both initiate and respond disabled. 


Usage Examples 





The following example configures the router to initiate and respond to IKE negotiations: 


(config-ike)#respond anymode 
(config-ike)#initiate main 
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ROUTING PROTOCOL COMMAND SETS 


This section includes the following command sets: 


¢ AS Path List Configuration Command Set on page 2112 

¢ BGP Configuration Command Set on page 2115 

¢ BGP Neighbor Configuration Command Set on page 2130 

¢ Community List Configuration Command Set on page 2147 

¢ Network Monitor Probe Configuration Command Set on page 2150 

¢ Network Monitor Probe Responder Configuration Command Set on page 2177 
¢ Network Monitor Track Configuration Command Set on page 2185 

¢ Router (OSPF) Configuration Command Set on page 2200 

¢ Router (PIM Sparse) Configuration Command Set on page 2220 

¢ Router (RIP) Configuration Command Set on page 2224 
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AS PATH LIST CONFIGURATION COMMAND SET 


To activate the Autonomous System (AS) Path List Configuration mode, enter the ip as-path-list 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#ip as-class-list listname 
(config-as-path-list)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 


do on page 49 
All other commands for this command set are described in this section in alphabetical order. 


deny <value> on page 2113 
permit <value> on page 2114 
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deny <value> 
Use the deny command to add an entry to the community list that denies BGP routes containing the 


specified community number in the community attribute. Use the no form of this command to remove the 
statement from the community list. 


Syntax Description 





<value> Denies routes that contain this value in their community attribute. This is a 
numeric value that can be an integer from 1 to 4,294,967,295 or string in the 
form aa:nn, where aa is the AS number and nn is the community number. 
Multiple community number parameters can be present in the command. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example creates a community list named MyList to deny BGP routes that match the AS path 
attributes 30:22: 


(config)#ip as-path-list MyList 
(config-as-path-list)#deny 30:22 
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permit <value> 


Use the permit command to add an entry to the community list that allows only BGP routes containing the 
specified community number in the community attribute. Use the no form of this command to remove the 
statement from the community list. 


Syntax Description 





<value> Permits routes that contain this value in their community attribute. This is a 
numeric value that can be an integer from 1 to 4,294,967,295 or string in the 
form aa:nn, where aa is the AS number and nn is the community number. 
Multiple community number parameters can be present in the command. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example creates a community list named MyList to permit BGP routes that match the AS 
path attributes 30:22: 


(config)#ip as-path-list listname 
(config-as-path-list)#permit 30:22 
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BGP CONFIGURATION COMMAND SET 


To activate the BGP Configuration mode, enter the router bgp command at the Global Configuration 
mode prompt. For example: 


>enable 

#configure terminal 
(config)#router bgp 1 
(config-bgp)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 
end on page 50 


All other commands for this command set are described in this section in alphabetical order. 


bgp on page 2116 

bgp default local-preference <value> on page 2117 

bgp fast-external-failover on page 2118 

bgp log-neighbor-changes on page 2119 

bgp router-id <ip address> on page 2120 

distance bgp <external> <internal> <local> on page 2121 
hold-timer <value> on page 2122 

maximum-paths <value> on page 2123 

neighbor <ip address> on page 2124 

network <ip address> mask <subnet mask> on page 2125 
redistribute connected on page 2126 

redistribute ospf on page 2127 

redistribute rip on page 2128 

redistribute static on page 2129 
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bgp 


Use the bgp command to instruct AOS on how to handle Multi-Exit Discriminators (MEDs) for all routes 
from the same autonomous system (AS). Use the no forms of this command to disable these features. 
Variations of this command include: 


bgp always-compare-med 
bgp compare-med 

bgp deterministic-med 
bgp ignore-med 


Syntax Description 





always-compare-med Configures AOS to always compare MEDs for all paths for a route, 
regardless of the AS through which the paths pass. 

compare-med Configures AOS to compare MEDs for all received routes. 

deterministic-med Configures AOS to compare the MEDs for all routes received from different 
neighbors within the same AS. 

ignore-med Configures AOS to disregard MEDs for all received routes. 


Default Values 





By default, AOS compares the MED attributes for routes from the same AS. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables this option: 


(config)#router bgp 1 
(config-bgp)#bgp compare-med 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2116 


Command Reference Guide BGP Configuration Command Set 





bgp default local-preference <value> 


Use the bgp default local-preference command to change the local preference for all BGP routes. The 
local preference is an attribute (LOCAL_PREF) that indicates a degree of preference for a route relative to 
other routes in the local autonomous system (AS). BGP4 neighbors can send the local preference value as 
an attribute of a route inan UPDATE message. Local preference only applies to routes within the local AS. 
Use the no form of this command to return to the default setting. 


Syntax Description 





<value> Specifies the local preference value. Valid range is 0 to 4294967295. 


Default Values 





By default, the local preference is set to 100. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example changes the default local preference to 200: 


(config)#router bgp 1 
(config-bgp)#bgp local-preference 200 
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bgp fast-external-failover 


Use the bgp fast-external-failover command to enable the fast-external-failover feature. Use the no form 
of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is enabled. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





When enabled, if the link interface over which the router is communicating with a BGP peer goes down, the 
BGP session with that peer is immediately cleared. When fallover is disabled and the link goes down, the 
session is maintained until the BGP hold timer expires. 


Usage Examples 





The following example enables this option: 


(config)#router bgp 1 
(config-bgp)#bgp fast-external-fallover 
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bgp log-neighbor-changes 


Use the bgp log-neighbor-changes command to control the logging of neighbor state changes. Use the no 
form of this command to return to the default setting. 


Syntax Description 


No subcommanads. 


Default Values 





By default, neighbor changes are not logged. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command controls logging of BGP neighbor state changes (up/down) and resets. This information is 
useful for troubleshooting and determining network stability. 


Usage Examples 





The following example enables logging of BGP neighbor state changes: 


(config)#router bgp 1 
(config-bgp)#bgp log-neighbor-changes 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2119 


Command Reference Guide BGP Configuration Command Set 





bgp router-id </p address> 


Use the bgp router-id command to specify the IP address that the router should use as its BGP router ID. 
Use the no form of this command to return to the default setting. 


Syntax Description 


<ijp address> Designates the IP address this router should use as its BGP router ID. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, no router ID is configured. The default action is detailed in Functional Notes, below. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command allows an IP address to be specified for use as the BGP router ID. If no IP address is 
configured at BGP startup, it uses the highest IP address configured on a loopback interface. If no 
loopback interfaces are configured, it uses the highest IP address configured on any interface that is 
active. If the specified router ID is changed, existing sessions with BGP neighbors are reset. 


Usage Examples 





The following example configures IP address 10.0.0.1 as the BGP router ID: 


(config)#router bgp 1 
(config-bgp)#bgp router-id 10.0.0.1 
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distance bgp <external> <internal> <local> 


Use the distance bgp command to set the administrative distance for BGP routes. Use the no form of this 
command to return to the default setting. 


Syntax Description 
<external> Sets the administrative distance for BGP routes learned via eBGP sessions. 
A value of 255 means the route is not installed. Range is 1 to 254. 


<internal> Sets the administrative distance for BGP routes learned via iBGP sessions. 
A value of 255 means the route is not installed. Range is 1 to 254. 


<local> Sets the administrative distance for BGP routes learned via the network 
command and redistribution. A value of 255 means the route is not 
installed. Range is 1 to 254. 


Default Values 





By default external is set to 20, internal to 200, and local to 200. Normally, these default settings should not 
be changed. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command sets the administrative distance for BGP routes. The administrative distance is a local 
variable that allows a router to choose the best route when there are multiple paths to the same network. 
Routes with smaller administrative distances are favored. 


Usage Examples 





The following example gives external BGP routes an administrative distance of 30, internal BGP routes an 
administrative distance of 200, and local routes an administrative distance of 240: 


(config)#router bgp 1 
(config-bgp)#distance bgp 30 200 240 
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hold-timer <va/ue> 


Use the hold-timer command to set the default hold time for all neighbors in the BGP process. 


Syntax Description 





<value> Specifies a time interval (in seconds) within which a keepalive must be 
received from a peer before it is declared dead peer. Range is 0 to 
65535 seconds. 


Default Values 





By default, the hold time is 90 seconds. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





Using the hold-timer command in BGP configuration mode sets the default hold time for all neighbors in 
that BGP process. Using the hold-timer command in BGP neighbor configuration mode sets the hold time 
for only that neighbor. The peers will negotiate and use the lowest configured setting. The keepalive 
interval will be set to one third of the negotiated hold time. 


Usage Examples 





The following example sets a hold time of 120 seconds for a specific neighbor, with an understood 
keepalive interval of 40 seconds: 


(config)#router bgp 1 
(config-ogp)#hold-timer 120 
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maximum-paths <value> 
Use the maximum-paths command to specify the number of parallel routes (shared paths) eBGP 


neighbors can inject into the route table. When IP load sharing is enabled, traffic is balanced to a specific 
destination across up to six equal paths. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the number of parallel routes eBGP neighbors can inject into the 
route table. Valid range is 1 to 6. 


Default Values 





By default, a single path can exist in the route table. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures AOS to allow 4 parallel paths in the route table: 


(config)#router bgp 1 
(config-bgp)#maximum-paths 4 
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neighbor <ip address> 


Use the neighbor command to create a BGP neighbor, specify an IP address, and activate the BGP 
neighbor configuration commands. Refer to BGP Neighbor Configuration Command Set on page 2130 for 
more information on neighbor-specific configuration parameters. Use the no form of this command to 
remove the configured neighbor. 


Syntax Description 





<ijpp address> Specifies the IP address for the neighbor. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





By default, there are no configured BGP neighbors. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 
The following example configures a BGP neighbor with an IP address of 10.10.10.1: 
(config)#router bgp 1 


(config-bgp)#neighbor 10.10.10.1 
(config-ogp-neighbor)# 
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network </p address> mask <subnet mask> 


Use the network command to add a network to the BGP network table. Use the no form of this command 


to remove the configured network. 


Syntax Description 


<ijpp address> Specifies the network address for the neighbor that AOS will advertise over 


BGP. IP addresses should be expressed in dotted decimal notation (for 
example, 10.10.10.1). 

mask <subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


Default Values 





By default, there are no configured BGP networks. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 
The following example adds the 10.10.10.1 network with a subnet mask of 255.255.255.0: 


(config)#router bgp 1 
(config-bgp)#network 10.10.10.1 mask 255.255.255.0 
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redistribute connected 


Use the redistribute connected command to pass routes from one network to another, regardless of the 
routing protocol implemented on the routing domain. Using the connected keyword allows the 
propagation of routes connected to other interfaces using the BGP routing protocol. Use the no form of this 
command to disable the propagation of the specified route type. Variations of this command include: 


redistribute connected 
redistribute connected metric <va/ue> 
redistribute connected route-map <name> 


Syntax Description 





metric <value> Optional. Specifies the hop count to use for advertising redistributed 
connected routes in BGP. 


route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 
connected routes in BGP. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





BGP does not blindly broadcast out of all interfaces. Instead, the network statement tells which networks to 
include in BGP updates. The redistribute connected command simply covers all connected networks. 


Usage Examples 


The following example passes the connected routes found in the route table to other networks running the 
BGP routing protocol: 


(config)#router bgp 1 
(config-bgp)#redistribute connected 
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redistribute ospf 


Use the redistribute ospf command to advertise routes from one protocol to another, regardless of the 
routing protocol implemented on the routing domain. Using the ospf keyword allows the propagation of 
OSPF routes into BGP. Use the no form of this command to disable the propagation of the specified route 
type. Variations of this command include: 


redistribute ospf 
redistribute ospf metric <va/ue> 
redistribute ospf route-map <name> 


Syntax Description 





metric <value> Optional. Specifies the hop count to use for advertising redistributed OSPF 
routes in BGP. 
route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 


OSPF routes in BGP. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





Redistributing OSPF routes imports those routes into BGP without specifying those subnets with a network 
statement. The OSPF routes imported this way are not covered by a network command. 


If redistribute ospf is enabled and no metric value is specified, the value defaults to 0. 


Usage Examples 





The following example imports OSPF routes into BGP: 


(config)#router bgp 1 
(config-bgp)#redistribute ospf 
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redistribute rip 


Use the redistribute rip command to advertise routes from one protocol to another, regardless of the 
routing protocol implemented on the routing domain. Using the rip keyword allows the propagation of RIP 
routes into BGP. Use the no form of this command to disable the propagation of the specified route type. 
Variations of this command include: 


redistribute rip 
redistribute rip metric <value> 
redistribute rip route-map <name> 


Syntax Description 





metric <value> Optional. Specifies the hop count to use for advertising redistributed RIP 
routes in BGP. 
route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 


RIP routes in BGP. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





Redistributing RIP routes imports those routes into BGP. The RIP routes imported this way are not covered 
by a network command. 


If redistribute rip is enabled and no metric value is specified, the value defaults to 0. 


Usage Examples 





The following example imports RIP routes into BGP: 


(config)#router bgp 1 
(config-bgp)#redistribute rip 
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redistribute static 


Use the redistribute static command to pass routes from one network to another, regardless of the routing 
protocol implemented on the routing domain. Using the static keyword allows the propagation of static 
routes into the BGP routing protocol. Use the no form of this command to disable the propagation of the 
specified route type. Variations of this command include: 


redistribute static 
redistribute static metric <va/ue> 
redistribute static route-map <name> 





The gateway network for the static route must participate in BGP by using the network 
command for the gateway network. 


Syntax Description 





metric <value> Optional. Specifies the hop count to use for advertising redistributed static 
routes in BGP. 
route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 


static routes in BGP. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





Redistributing static routes allows other network devices to learn about routes without requiring manual 
input to each device on the network. 


Usage Examples 





The following example passes the static routes found in the route table to other networks running the BGP 
routing protocol: 


(config)#router bgp 1 
(config-bgp)#redistribute static 
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BGP NEIGHBOR CONFIGURATION COMMAND SET 


To activate the BGP Neighbor Configuration mode, enter the router bgp-neighbor command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#router bgp 1 

(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-ogp-neighbor)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


advertisement-interval <value> on page 2131 
as-path-list <name> on page 2132 
distribute-list <name> on page 2133 
ebgp-multihop <value> on page 2134 
hold-timer <value> on page 2135 

local-as <value> on page 2136 
next-hop-self on page 2138 

no default-originate on page 2139 
password <password> on page 2140 
prefix-list <name> on page 2141 
remote-as <value> on page 2142 
route-map <name> on page 2143 
send-community standard on page 2144 
soft-reconfiguration inbound on page 2145 
update-source <interface> on page 2146 
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advertisement-interval <value> 


Use the advertisement-interval command to configure AOS to specify how long the BGP process waits 
before sending updates to the neighbor. Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies the advertisement interval in seconds. Range is 0 to 600 seconds. 


Default Values 





By default, the advertisement interval is 30 seconds for external neighbors and 5 seconds for internal 
neighbors. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command sets the minimum interval between sending updates to the specified neighbor. 


Usage Examples 





The following example configures the BGP process to wait at least 100 seconds before sending updates to 
the neighbor: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#advertisement-interval 100 
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as-path-list <name> 


Use the as-path-list command to assign a predefined autonomous system (AS) path list to a BGP 
neighbor. This list is then used to filter inbound and/or outbound BGP route updates. Use the no form of 
this command to discontinue use of the list. Variations of this command include: 


as-path-list <name> in 
as-path-list <name> out 


Syntax Description 





<name> Assigns an AS path list to this BGP neighbor. 
in Specifies the filtering of all inbound BGP route updates. 
out Specifies the filtering of all outbound BGP route updates. 


Default Values 





By default, no AS path lists are specified for filtering. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





Before they can be assigned to a neighbor, AS path lists must first be defined using the ip as-path-list 
command. 


Usage Examples 
The following example uses the no15 AS path list to filter all inbound BGP route updates: 
(config)#router bgp 1 


(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#as-path-list no15 in 
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distribute-list <name> 


Use the distribute-list command to add route filtering functionality by assigning inbound and outbound 
access control lists on either a per-interface or global basis. Only one inbound/outbound pair of access 
control lists can be configured for a particular interface. Use the no form of this command to disable the 
filtering. Variations of this command include: 


distribute-list <name> in 
distribute-list <name> out 


Syntax Description 





<name> Specifies an access control list name. This is a standard IP access control 
list (ACL) against which the contents of the incoming/outgoing routing 
updates are matched. 


in Applies route filtering to inbound data. 
out Applies route filtering to outbound data. 


Default Values 





By default, distribute-list filtering is disabled. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example will filter out all network advertisements received via Ethernet interface 0/1 with the 
exception of the 10.10.10.0 network: 


config)#router bgp 1 

config-bgp)#router bgp-neighbor 192.22.73.101 
config-rip)#distribute-list list_1 in eth 0/1 
config-rip)#exit 

config)#ip access-list standard list_1 
config-std-nacl)#permit 10.10.10.0 0.0.0.255 


a mn n= = 
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ebgp-multihop <value> 


Use the ebgp-multihop command to configure the maximum hop count of BGP messages to a neighbor. 
Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies the maximum hop count of BGP messages to a neighbor. 
Range is 1 to 254 hops. 


Default Values 





By default, eBGP multihop is set to 1. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





This command allows an eBGP neighbor to be on a network that is not directly connected. Normally, eBGP 
peers are directly connected. In certain applications, a non-BGP device such as a firewall or router may 
reside between eBGP peers. In this case, the eBGP multihop command is required to allow updates to 
have a TTL greater than 1 and to allow received BGP updates to be added to the BGP table when the next 
hop address is not directly connected. 


Usage Examples 





The following example allows a BGP message to travel 10 hops to a neighbor: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#ebgp-multihop 10 
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hold-timer <va/ue> 


Use the hold-timer command to set the default hold time for all neighbors in the BGP process. Use the no 
form of this command to return to the default setting. 


Syntax Description 


<value> Specifies a time interval (in seconds) within which a keepalive must be 
received from a peer before it is declared dead peer. Range is 0 to 
65535 seconds. 


Default Values 





By default, the hold time is 90 seconds. 


Command History 





Release 8.1 Command was introduced. 


Functional Notes 





Using the hold-timer command in BGP configuration mode sets the default hold time for all neighbors in 
that BGP process. Using the hold-timer command in BGP neighbor configuration mode sets the hold time 
for only that neighbor. The peers will negotiate and use the lowest configured setting. The keepalive 
interval will be set to one-third of the negotiated hold time. 


Usage Examples 





The following example sets a hold time of 120 seconds for a specific neighbor, with an understood 
keepalive interval of 40 seconds: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-ogp-neighbor)#hold-timer 120 
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local-as <value> 


Use the local-as command to specify an autonomous system (AS) number for the unit to use when 
communicating with this BGP neighbor. Use the no form of this command to return to default settings. 


Syntax Description 


<value> Specifies the AS number to use when communicating with this neighbor. 
Must be different than the AS number for this router and the peer router. 
Only valid for eBGP connections. Range is 0 to 65,535. 


Default Values 





By default, no local AS number is defined. The router’s BGP AS number is used. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





This command substitutes a different AS number to be used for communicating with this BGP neighbor. 
(other than the one the router is actually a member of). This can be used to satisfy network designs 
requiring a customer to appear as one AS number when communicating with one internet service provider 
(ISP) and another when communicating with another ISP. 


Usage Examples 





The following example configures this BGP neighbor’s AS number to be 300: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#local-as 300 


Technology Review 





This router appears (to the peer router) to be in the AS specified with the local-as command. Therefore all 
routes learned from the peer have this number prepended to the AS path. In network advertisements from 
routers using the local-as command, the router’s true AS number (the number specified using the router 
bgp as-number command) is prepended to the AS path attribute, and the local-AS (the number specified 
in the neighbor local-as command) is prepended to the AS path attribute. This makes it appear that the 
path to the network is first through the local-AS, and then through the true AS. To further illustrate, consider 
the following example network. 
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In this network: 


* Router A is in AS 100. 

* Router B is in AS 300. 

¢ Router A is an eBGP peer with Router B. 

« Router A’s connection to Router B specifies a local-as of 200. 
¢ Router B is configured to connect to Router A in AS 200. 


Therefore: 


¢ To Router B, all aspects of Router A appear as AS 200. 

¢ Networks advertised from Router A to Router B will have the AS path 200 100 prepended to the AS path 
attribute. 

« Router A will add AS 200 to the AS path of networks learned from Router B. 
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next-hop-self 


Use the next-hop-self command to force the next hop attribute to be changed to this unit’s address when 
advertising networks that would not have the next hop changed under normal rules. Normal next hop rules 
are described in the Functional Notes section below. Use the no form of this command to cause normal 
next hop rules to apply. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled and normal next hop rules apply. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





In eBGP, routes are normally advertised with a next hop set to the IP address that the receiving peer has 
configured in its neighbor statement for this router. In the eBGP case where the receiving router is in the 
same subnet as the current next hop, the current next hop is not changed. 


For broadcast multiaccess networks (Ethernet), this provides more efficient routing. For non-broadcast 
multiaccess networks (NBMA) such as Frame Relay with a partial mesh using point-to-multipoint circuits, 
this rule can cause significant problems. Since the partial mesh is on the same subnet, BGP applies the 
rule of not changing the next hop address, rendering invalid routes in certain topologies. This is one case 
where this command is necessary to solve a problem. 


Usage Examples 





The following example enables next-hop-self: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#next-hop-self 
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no default-originate 


Use the no default-originate command to prevent the unit from sending the default route to a BGP 
neighbor. This command must be issued on a per neighbor basis. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the default route is not sent to the BGP neighbor. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example prevents the unit from sending the default route to a BGP neighbor: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#no default-originate 
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password <password> 


Use the password command to enable MD5 password authentication on TCP. Use the no form of this 
command to disable authentication. 


Syntax Description 


<password> Specifies the password string to be used for authentication. The password 
is case-sensitive and must not exceed 80 characters. 


Default Values 





By default, authentication is disabled. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





Authentication must be configured on both peers using the same password. Every BGP TCP segment sent 
is authenticated. Configuring authentication causes an existing session to be torn down and re-established 
using the currently specified authentication. 


Usage Examples 





The following example enables authentication for this BGP neighbor and sets a password of user1: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#password user1 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2140 


Command Reference Guide BGP Neighbor Configuration Command Set 





prefix-list <name> 


Use the prefix-list command to assign a predefined prefix list to a BGP neighbor. The list is then used to 
filter BGP route updates received and/or sent from/by the specified peer. Use the no form of this command 
to discontinue use of the prefix list. Variations of this command include: 


prefix-list <name> in 
prefix-list <name> out 


Syntax Description 





<name> Assigns the specified prefix list to this BGP neighbor. 


in Specifies that all inbound BGP route updates received from the specified 
peer be filtered. 


out Specifies that all outbound BGP route updates being sent to the specified 
peer be filtered. 


Default Values 





By default, no prefix lists are specified for filtering. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





Before they can be assigned to a BGP neighbor, prefix lists must first be defined using the ip prefix-list 
command. Refer to ip prefix-list <name> description <“text’> on page 756 for more information. 


Usage Examples 





The following example uses the MyList prefix list to filter all BGP updates received from the specified peer: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#prefix-list MyList in 
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remote-as <value> 


Use the remote-as command to specify the BGP autonomous system (AS) to which the neighbor belongs, 
adding an entry to the BGP neighbor table. Use the no form of this command to return to default settings. 


Syntax Description 


<value> Specifies the AS number. This number must be different from the AS 
number of the local router (which is defined using the router bgp 
command). Range is 1 to 65,535. Refer to router bgp on page 899 for more 
information. 


Default Values 





By default, no BGP neighbors are defined. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 
The following example configures a remote AS number of 200 for this neighbor: 
(config)#router bgp 1 


(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#remote-as 200 
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route-map <name> 


Use the route-map command to assign a route map to this BGP neighbor. The route map is then used to 
filter or modify inbound and/or outbound BGP route updates. Use the no form of this command to return to 
default settings. Variations of this command include: 


route-map <name> in 
route-map <name> out 


Syntax Description 





<name> Assigns the specified route map to this BGP neighbor. 
in Specifies the filtering/modification of all inbound BGP route updates. 
out Specifies the filtering/modification of all outbound BGP route updates. 


Default Values 





By default, no route map is assigned. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





Before a route map can be assigned to a BGP neighbor, it must first be defined using the route-map 
command. Refer to route-map on page 898 for more information. 


Usage Examples 


The following example assigns a route map to this neighbor for outbound filtering: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#route-map MapName out 
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send-community standard 


Use the send-community standard command to insert a standard BGP community attribute to all 
outgoing route updates for this neighbor. Use the no form of this command to return to default settings. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is disabled. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example inserts a standard BGP community attribute to all outgoing route updates for the 
specified neighbor: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#send-community standard 
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soft-reconfiguration inbound 


Use the soft-reconfiguration inbound command to enable this unit to store BGP updates for the specified 
neighbor. Use the no form of this command to return to default settings. 


Syntax Description 


No subcommanas. 


Default Values 





By default, this command is enabled. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





BGP updates are stored prior to filtering, thus allowing the clear ip bgp soft command to be used in the 
absence of route refresh (RFC2918) capability. This command affects all neighbors. Refer to clear ip bgp 
on page 82 for more information. 


Usage Examples 





The following example enables the unit to store BGP updates for the specified neighbor: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#soft-reconfiguration inbound 
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update-source <interface> 
Use the update-source command to specify which virtual interface’s IP address will be used as the source 


IP address for the BGP TCP connection (when connecting to this peer). Use the no form of this command 
to return to default settings. 


Syntax Description 





<interface> Specifies the virtual interface to be used as the source IP address. Specify 
an interface in the format <interface type [slot/port | slot/port.subinterface id 
| interface id | interface id.subinterface id | ap | ap/radio | ap/radio. vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use atm 
1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
update-source ? for a complete list of valid interfaces. 


Default Values 





By default, the outbound interface's IP address is used for BGP updates. 


Command History 





Release 9.3 Command was introduced. 
Release 14.1 Command was expanded to include ATM and HDLC interfaces. 


Functional Notes 





This is most often configured as a loopback interface that is reachable by the peer router. The peer will 
specify this address in its neighbor commands for this router. 


Usage Examples 





The following example configures the loopback 1 interface as the source IP: 


(config)#router bgp 1 
(config-bgp)#router bgp-neighbor 192.22.73.101 
(config-bgp-neighbor)#update-source loopback 1 
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COMMUNITY LIST CONFIGURATION COMMAND SET 





To activate the Community List Configuration mode, enter the ip community-list command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#ip community-list listname 
(config-comm-list)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 


do on page 49 
All other commands for this command set are described in this section in alphabetical order. 


deny on page 2148 
permit on page 2149 
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deny 


Use the deny command to add an entry to the community list that denies BGP routes containing the 
specified community number in the community attribute. Use the no form of this command to remove the 
statement from the community list. Variations of this command include: 


deny <value> 
deny internet 

deny local-as 
deny no-advertise 
deny no-export 


Syntax Description 





<value> Denies routes that contain this value in their community attribute. This is a 
numeric value that can be an integer from 1 to 4,294,967,295 or string in the 
form aa:nn, where aa is the AS number and nn is the community number. 
Multiple community number parameters can be present in the command. 


internet Denies routes that contain the reserved community number for the Internet 
community. 
local-as Denies routes that contain the reserved community number for 


NO_EXPORT_SUBCONFED. Routes containing this attribute should not 
be advertised to external BGP peers. 


no-advertise Denies routes that contain the reserved community number for 
NO_ADVERTISE. Routes containing this attribute should not be advertised 
to any BGP peer. 


no-export Denies routes that contain the reserved community number for 
NO_EXPORT. Routes containing this attribute should not be advertised to 
BGP peers outside a confederation boundary. 


Default Values 


No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 


The following example creates a community list named MyList to deny BGP routes that have the Internet 
community number in their community attribute: 


(config)#ip community-list MyList 
(config-comm-list)}#deny no-export 
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permit 


Use the permit command to add an entry to the community list that allows only BGP routes containing the 
specified community number in the community attribute. Use the no form of this command to remove the 
statement from the community list. Variations of this command include: 


permit <va/ue> 
permit internet 
permit local-as 
permit no-advertise 
permit no-export 


Syntax Description 





<value> Permits routes that contain this value in their community attribute. This is a 
numeric value that can be an integer from 1 to 4,294,967,295 or string in the 
form aa:nn, where aa is the AS number and nn is the community number. 
Multiple community number parameters can be present in the command. 


internet Permits routes that contain the reserved community number for the Internet 
community. 
local-as Permits routes that the reserved community number for 


NO_EXPORT_SUBCONFED. Routes containing this attribute should not 
be advertised to external BGP peers. 


no-advertise Permits routes that contain the reserved community number for 
NO_ADVERTISE. Routes containing this attribute should not be advertised 
to any BGP peer. 


no-export Permits routes that contain the reserved community number for 
NO_EXPORT. Routes containing this attribute should not be advertised to 
BGP peers outside a confederation boundary. 


Default Values 


No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 


The following example permits BGP routes that match the AS path attributes: 


(config)#ip as-path-list listname 
(config-comm-list)#permit 30:22 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2149 


Command Reference Guide Network Monitor Probe Configuration Command Set 





NETWORK MONITOR PROBE CONFIGURATION COMMAND SET 


This section explains the commands available for Network Monitoring Probes. Probes are software agents 
that send test traffic across a network path. Tracks are stand alone objects which can help determine the 
status of a route based on the success or failure of a probe. The probes can be configured to trigger at 
particular intervals. There are five types of probes supported by ADTRAN Operating System (AOS): 
Internet Control Message Protocol (ICMP) echo, Transmission Control Protocol (TCP) connect, 
HyperText Transfer Protocol (HTTP) request, Two-Way Active Measurement Protocol (TWAMP), and 
ICMP timestamp. Commands common to all the probe types are identified in the following section, as well 
as isolated commands that only apply to the specific probe types. 


Additional configuration commands are available for associating tracks with each probe. These are 
explained in the Network Monitor Track Configuration Command Set on page 2185. 


To activate the Network Monitor Probe Configuration mode, enter the probe command at the Global 
Configuration mode prompt followed by the probe name. Specify the probe type of icmp-echo, 
tcp-connect, http-request, icmp-timestamp, and twamp. For example: 


>enable 

#configure terminal 
(config)#probe probe1 icmp-echo 
(config-probe-probe1 )# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 
exit on page 51 


The following commands are applicable to ICMP echo probe types and can be executed after this 
command: 


(config)#probe <probe name> icmp-echo 


data <pattern> on page 2157 

destination on page 2158 

period <value> on page 2164 

shutdown on page 2167 

size <payload length> on page 2168 
source-address <ip address> on page 2169 
timeout <value> on page 2173 

tolerance on page 2174 
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The following commands are applicable to TCP connect probe types and can be executed after this 
command: 


(config)#probe <probe name> tcp-connect 


destination on page 2158 

period <value> on page 2164 

shutdown on page 2167 

source-address <ip address> on page 2169 
source-port <port> on page 2170 

timeout <value> on page 2173 

tolerance on page 2174 


The following commands are applicable to HTTP request probe types and can be executed after this 


command: 


(config)#probe <probe name> http-request 


absolute-path <name> on page 2153 
destination on page 2158 

expect regex <expression> on page 2160 
expect status <minimum> <maximum> on page 2161 
period <value> on page 2164 

raw-string on page 2165 

shutdown on page 2167 

source-address <ip address> on page 2169 
source-port <port> on page 2170 

timeout <value> on page 2173 

tolerance on page 2174 

type on page 2176 


The following commands are applicable to ICMP timestamp probe types and can be executed after this 


command: 


(config)#probe <probe name> icmp-timestamp 


data on page 2156 

destination on page 2158 

dscp <value> on page 2159 

history-depth <value> on page 2162 
num-packets <value> on page 2163 

period <value> on page 2164 

send-schedule periodic <value> on page 2166 
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shutdown on page 2167 

size <payload length> on page 2168 
source-address <ip address> on page 2169 
threshold on page 2171 

timeout <value> on page 2173 

tolerance on page 2174 


The following commands are applicable to TWAMP probe types and can be executed after this command: 


(config)#probe <probe name> twamp 


auth-mode open on page 2154 

control on page 2155 

data on page 2156 

destination on page 2158 

dscp <value> on page 2159 

history-depth <value> on page 2162 
num-packets <value> on page 2163 
period <value> on page 2164 
send-schedule periodic <value> on page 2166 
shutdown on page 2167 

size <payload length> on page 2168 
source-address <ip address> on page 2169 
source-port <port> on page 2170 
threshold on page 2171 

timeout <value> on page 2173 

tolerance on page 2174 
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absolute-path <name> 


Use the absolute-path command to specify the server’s root path. Use the no form of this command to 
return to the default setting. 


Syntax Description 


<name> Specifies a path name. 


Default Values 





By default, the path name is the forward slash symbol (/ ). 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





This command can only be executed while in the probe <name> http-request command set. 


Usage Examples 





The following example sets the absolute path to /home/index.html: 


(config)#probe probe1 http-request 
(config-probe-probe1 )#absolute-path/home/index.html 
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auth-mode open 


Use the auth-mode open command to specify the authentication mode the probe must use for 
communication. Use the no form of this command to return to the default setting. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the authentication mode is open. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





This command can only be executed while in the probe <name> twamp command set. 


Usage Examples 





The following example sets the authentication mode to open: 


(config)#probe probe1 twamp 
(config-probe-probe1 )#auth-mode open 
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control 


Use the control command to specify source and destination ports. Use the no form of this command to 
return to the default setting. Variations of this command include: 


control dest-port owamp-control 
control dest-port <port> 
control source-port <port> 


Syntax Description 





dest-port Specifies the type of destination control port. 
owamp-control Specifies the destination One-Way Active Measurement Protocol (OWAMP) 
control port (861). 
<port> Specifies the destination Two-Way Active Measurement Protocol (TWAMP) 


control port. The valid range is 1 to 65535. 
source-port <port> Specifies the TWAMP source control port. The valid range is 0 to 65535. 


Default Values 





By default, the source-port is 0 which means that the source port will be dynamically selected by the probe. 
There is no default destination port. 


Command History 


Release 17.2 Command was introduced. 


Functional Notes 





This command can only be executed while in the probe <name> twamp command set. 


Usage Examples 


The following example specifies a destination control port for the probe probe: 


(config)#probe probe1 twamp 
(config-probe-probe1 )#control dest-port owamp-control 
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data 


Use the data command to specify the data for padding a measurement packet. Payload data specifies the 
data used to pad a measurement packet. Payload data can consists of all zeros pattern, a random pattern, or 
a user-defined pattern. If the payload size is greater than the length of the pattern, the pattern will be 
reapeated. Use the no form of this command to return to the default setting. Variations of this command 
include: 


data pattern ascii <string> 
data pattern hex <string> 
data random 

data zero 


Syntax Description 





<pattern> Specifies a hexadecimal data pattern. 


Default Values 





By default, the data pattern is set to zero. 


Command History 





Release 17.2 Command was introduced to function with TWAMP and ICMP timestamp 
probes only. 


Functional Notes 





This command can only be executed while in the probe <name> twamp and 
probe <name> icmp-timestamp command set. 


Usage Examples 





The following example specifies a data pattern as random: 


(config)#probe probe2 twamp 
(config-probe-probe2)#data random 
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data <pattern> 


Use the data command to specify a hexadecimal pattern to repeat in the Internet Control Message Protocol 
(ICMP) packet data section. Use the no form of this command to return to the default setting. 


Syntax Description 


<pattern> Specifies a hexadecimal data pattern. 


Default Values 





By default, the data pattern is a standard ping packet pattern of data values starting with 0x00, 
incrementing by one for the length of the packet. Refer to ping on page 35 for more information on ping 
packet data patterns. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies a data pattern of OFFO for probe1: 


(config)#probe probe1 icmp-echo 
(config-probe-probe1 )#data OFFO 
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destination 


Use the destination command to specify the destination host name and port for the probe object. Use the 
no form of this command to remove the setting. Variations of this command include: 


destination <hostname> 
destination <hostname> port <number> 
destination <ip address> 
destination </p address> port <number> 





‘ore The probe is not operational until a destination is defined. 





Syntax Description 





<hostname> Specifies the IP host by name. 


<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


port <number> Optional. Specifies port number. This feature is not used with icmp-echo 
probes. The valid range is 1 to 65535. 


Default Values 





By default, there is no setting for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies www.adtran.com as the host and port 21 (FTP) as the destination for 
probe: 


(config)#probe probe1 http-request 
(config-probe-probe1 )#destination www.adtran.com port 21 
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dscp <value> 


Use the dscp command to specify the differentiated services code point (DSCP) value placed in the test 
packets. Use the no form of this command to return to the default setting. 


Syntax Description 
<value> Specifies the DSCP value. The range is 0 to 63. 


Default Values 
By default, the DSCP value is 0. 





Command History 





Release 13.1 Command was introduced. 
Release 17.2 Command was added to the TWAMP and ICMP timestamp probes. 


Usage Examples 





The following example specifies DSCP value to be placed in the probe: 


(config)#probe probe2 icmp-timestamp 
(config-probe-probe2)#dscp 15 
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expect regex <expression> 
Use the expect regex command to configure the probe to expect a regular expression inside the contents of 


the HyperText Transfer Protocol (HTTP) response message. If the regular expression does not match 
anything, the probe fails. Use the no form of this command to return to the default setting. 


Syntax Description 





<expression> Specifies the expression to display. 


Default Values 





By default, no regular expression is defined. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





This command can only be executed while in the probe <name> http-request command set. 


Usage Examples 





The following example only allows the probe’ test to pass if the word success is found in the HTTP server 
response message: 


(config)#probe probe1 http-request 
(config-probe-probe1 )#expect regex success 
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expect status <minimum> <maximum> 


Use the expect status command to configure the probe to expect a specific status code in response to an 
HyperText Transfer Protocol (HTTP) request message. If a different status code is returned, the probe 
fails. Use the no form of this command to return to the default setting. Variations of this command include: 


expect status <minimum> 
expect status <minimum> <maximum> 


Syntax Description 





<minimum> Specifies a minimum number value for the status code. Valid range is 
0 to 999. 
<maximum> Optional. Specifies a maximum number to create a range of status codes. 


Valid range is 0 to 999. 


Default Values 


By default, there is no setting for this command. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





This command can only be executed while in the probe <name> http-request command set. 


Specifying only a minimum value indicates only one value can match the status code. Entering a maximum 
value indicates a range of possible matches. 


Usage Examples 


The following example configures probe! to expect a status code of 200 (the status of a successful HTTP 
request): 


(config)#probe probe1 http-request 
(config-probe-probe1 )#expect status 200 
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history-depth <value> 


Use the history-depth command to specify the number of probe operation results allowed to be stored in 
the unit’s memory. Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies the number of probe operation results to keep in the history 
memory. The range is 1 to 120. 


Default Values 





By default, the history-depth value is set to 1. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





This command can only be executed while in the probe <name> icmp-timestamp or 
probe <name> twamp command set. 


Usage Examples 





The following example specifies the number of probe results that can be stored in the unit: 


(config)#probe probe2 icmp-timestamp 
(config-probe-probe2)#history-depth 30 
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num-packets <va/ue> 


Use the num-packets command to specify the number of packets to send and receive during a single probe 
operation. Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies the number of packets. Valid range is 1 to 1000 packets. 


Default Values 





By default, the num-packets is set to 10. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example specifies sending 10 packets during the probe test: 


(config)#probe probe3 twamp 
(config-probe-probe3)#num-packets 10 
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period <value> 


Use the period command to specify the time between probe test attempts. Use the no form of this 
command to return to the default setting. 


Syntax Description 


<value> Specifies the time (in seconds) between probe test attempts. Valid range is 
1 to 65535 seconds. 


Default Values 





By default, the period between probe tests is 60 seconds. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example specifies probe’ to initiate probe tests every 90 seconds: 


(config)#probe probe1 icmp-echo 
(config-probe-probe1 )#period 90 
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raw-string 
Use the raw-string command to enter text to appear in the data portion of a HyperText Transfer Protocol 


(HTTP) request. Refer to ping on page 277 for more details on the output text. Use the no form of this 
command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





There is no default value for this command. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





This command can only be executed while in the probe <name> http-request command set. The type 
should be set to RAW. Refer to tolerance on page 2174 for more information. 


The following system variables can be used in the text: 


$SYSTEM_NAME = The host name of the system. 
$SYSTEM_SERIAL_NUMBER = The serial number of the system. 
$SYSTEM_DESCRIPTION = The product name and part number of the system. 
$SYSTEM_SOFTWARE_VERSION = The firmware version of the system. 


Usage Examples 





The following example configures a RAW HTTP request that attempts to access update.php on the Web 
server. This command could be useful if the server administrator creates a PHP script that logs network 

connectivity information. Additional information (the router name and its uptime) placed after update.php 
is sent to the HTTP server. 


(config)#probe probe http-request 

(config-probe-probe1 )#raw-string 
GET/update.php?hostname=$SYSTEM_NAME&uptime=$SYSTEM_UPTIME HTTP/1.0 
\r\n 
\r\n 
exit 
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send-schedule periodic <value> 
Use the send-schedule periodic command to specify the amount of time (in milliseconds) between 
sending individual test packets during the probe. Use the no form of this command to return to the default 


setting. 


Syntax Description 





<value> Specifies the time interval between the individual packets. The valid range 
is 5 to 5000 milliseconds. 


Default Values 





By default, the time interval is 20 milliseconds. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example specifies a 45 millisecond time interval between the packets during probe’ test: 


(config)#probe probe1 twamp 
(config-probe-probe1 )#send-schedule periodic 45 
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shutdown 
Use the shutdown command to disable a probe and cause it to cease generating traffic. While a probe is 


shut down, it will return a fail value to a track. Use the no form of this command to enable a probe to 
generate traffic. 


Syntax Description 





No subcommanas. 


Default Values 





By default, probes are shut down when created. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





A probe must be created first using the probe command. Refer to probe on page 885 for more information. 
Issuing the shutdown command at the probe configuration prompt will disable a probe, causing it to cease 
generating traffic. 


Usage Examples 





The following example disables probe1: 


(config)#probe probe1 http-request 
(config-probe-probe1 )#shutdown 
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size <payload length> 


Use the size command to specify the length of the probe's test packet payload. Use the no form of this 
command to return to the default setting. 


Syntax Description 
<payload length> Specifies size of test packet's payload. Valid range is 0 to 1462 bytes. 


Default Values 





By default, the payload length is 0 bytes. 


Command History 





Release 13.1 Command was introduced. 
Release 17.2 Command was updated with a new default, range, and description. 


Usage Examples 





The following example sets the length of the ICMP echo packet’s padding field for probe1 to 25 bytes: 


(config)#probe probe1 icmp-echo 
(config-probe-probe1 )#size 25 
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source-address </p address> 


Use the source-address command to associate an Internet Protocol (IP) address source for probe traffic. 
Use the no form of this command to remove the source IP address. 


Syntax Description 


<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


Default Values 





By default, the IP address of the outbound interface is used. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





A valid local IP address must be entered for proper functionality. 


Usage Examples 





The following example configures the source IP address on probe: 


(config)#probe probe1 icmp-echo 
(config-probe-probe1 )#source-address 10.10.10.1 
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source-port <port> 


Use the source-port command to specify a port source to use for probe traffic. Use the no form of this 
command to return to the default setting. 


Syntax Description 
<port> Specifies the port number. Valid range is 0 to 65535. 


Default Values 





By default, the port is set to 0 by default which means that the probe will dynamically select the port 
number.. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example configures the source port on probe as 5000: 


(config)#probe probe http-request 
(config-probe-probe1 )#source-port 5000 
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threshold 


Use the threshold command to specify the criteria for a probe to be declared as passing or failing for the 
delay, ipdv-abs, and packet-loss values measured by the probe. Any combination of direction and type of 
threshold can be simultaneously configured and performed during the probe. Use the no form of this 
command to return to the default setting. Variations of this command include the following: 


threshold delay [in | out | round-trip] [avg | max | min] <fail value> <pass value> 
threshold ipdv-abs [in | out | round-trip] [avg | max | min] <fai/ value> <pass value> 
threshold packet-loss round-trip [avg | max | min] <fai/ value> <pass value> 


Syntax Description 





delay 


ipdv-abs 


min 
round-trip 
packet-loss 


round-trip 
avg 
max 
min 
<fail value> 


<pass value> 


Specifies the thresholds for changing the state of the probe between pass 
and fail based on the measured delay. The fail and pass value range is 
-2147483648 to 2147483647 milliseconds. 


Specifies the thresholds for changing the state of the probe between pass 
and fail based on measured Inter Packet Delay Variance (IPDV). The fail 
and pass value range is 0 to 4294967295 milliseconds. 


Specifies inbound delay or IPDV. 

Specifies the inbound average delay or IPDV. 
Specifies the inbound maximum delay or IPDV. 
Specifies the inbound minimum delay or IPDV. 
Specifies outbound delay or IPDV. 

Specifies the outbound average delay or IPDV. 
Specifies the outbound maximum delay or IPDV. 
Specifies the outbound minimum delay or IPDV. 
Specifies round trip delay or IPDV. 


Specifies the thresholds for changing the state of the probe between pass 
and fail based on measured packet loss. The fail and pass value range is 
1 to 1000 packets. 


Specifies round trip packet loss. 

Specifies the average round trip packet loss. 

Specifies the maximum round trip packet loss. 

Specifies the minimum round trip packet loss. 

Specifies the probe’s failing value. Refer to the specific threshold type 
above for the valid range. 

Specifies the probe’s passing value. Refer to the specific threshold type 
above for the valid range. 
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Default Values 





By default, the delay pass and fail value is 2147483647 milliseconds, the ipdv-abs pass and fail value is 
4294967295 milliseconds, and the packet-loss pass and fail value is 1000. This disables each of these 
thresholds by default. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example configures the probe to fail if it loses 100 packets and change to pass if packet loss 
is below 75: 


(config)#probe probe1 icmp-echo 
(config-probe-probe1 )#threshold packet-loss in max 100 75 
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timeout <value> 


Use the timeout command to specify the amount of time to wait for a test result before determining a 
failure. Use the no form of this command to remove the timeout setting. 


Syntax Description 


<value> Specifies the timeout value in milliseconds. This value must be less than the 
probe period value (refer to dscp <value> on page 2159). Valid range is 
1 to 900000 milliseconds. 


Default Values 





By default, the timeout is 2000 milliseconds, and 10000 milliseconds (10 seconds) for TCP connect probes 
and 10000 milliseconds (10 seconds) HTTP request probes. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 


The following example configures AOS to wait 90 milliseconds before determining a failure on probe1: 


(config)#probe probe1 icmp-echo 
(config-probe-probe1 )#timeout 90 
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tolerance 


Use the tolerance command to configure the tolerance limit for test failures before returning a fail status 
from the probe. Limits can be specified for consecutive failures or by rate of failure. Tolerance levels can 
also be different based upon whether the probe is transitioning to the pass or fail state. Use the no form of 
this command to remove tolerance levels from probes. Variations of this command include: 


tolerance consecutive fail <number> 

tolerance consecutive pass <number> 

tolerance consecutive fail <number> pass <number> 
tolerance rate fail <number> of <set size> 

tolerance rate pass <number> of <set size> 

tolerance rate fail <number> pass <number> of <set size> 





‘wore The probe is not operational until tolerance is defined. 





Syntax Description 


consecutive Specifies that the probe state transitions occur only after a consecutive 
number of test results conflict with the current state. 

rate Specifies that the probe state transitions occur after a certain ratio of test 
results conflict with the current state. 

fail <number> Specifies the number of failures that must occur before transitioning the 
probe to the FAIL state. Valid ranges are 1 to 255 consecutive failures and 
1 to 254 failures per set. 


pass <number> Specifies the number of passes before transitioning the probe to the PASS 
state. Valid ranges are 1 to 255 consecutive passes and 1 to 254 passes 
per set. 

of <set size> Specifies test set size for rate configuration. Valid range is 1 to 255. 


Default Values 





By default, there are no configured tolerance levels. Therefore, a probe that does not have a defined 
tolerance will never fail. 


When probes are set in consecutive mode, any state not explicitly configured has its tolerance value set 
to 1. 


In rate mode, any state not explicitly configured has its tolerance value set to 1+s-t, where ‘s’ is the set size 
and ‘t’ is the value of the other state. 
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Command History 





Release 14.1 Command was introduced. 
Release 15.1 Command revised to include pass and fail values. 
Release 17.2 Command was added to the TWAMP and ICMP timestamp probes. 


Functional Notes 





This command has been modified from its original form. All tolerance configurations before Revision 15.1 
are deprecated but will be supported for existing units that are upgraded. 


Usage Examples 





The following example configures probe’ to allow 10 consecutive failures before changing the probe 
status to FAIL, and requires 5 consecutive passes to change its status to PASS when in the FAIL state: 


(config)#probe probe1 icmp-echo 
(config-probe-probe1 )#tolerance consecutive fail 10 pass 5 


In the following example, the probe is configured for rate tolerance. To move to the FAIL state, 5 of the last 
10 tests must fail. Once in this state, 8 of the last 10 tests must pass in order to transition the probe back to 
PASS: 


(config)#probe probe1 icmp-echo 
(config-probe-probe1 )#tolerance rate fail 5 pass 8 of 10 
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type 


Use the type command to specify a HyperText Transfer Protocol (HTTP) request type. Use the no form of 
this command to return to the default setting. Variations of this command include: 


type get 


type head 
type raw 


Syntax Description 





get Specifies the probe to use HTTP get request. 
head Specifies the probe to use HTTP head request. 
raw Specifies the probe to use HTTP raw request. 


Default Values 





By default, the probe’s HTTP request is set to get. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





This command can only be executed while in the probe <name> http-request command set. 


Usage Examples 





The following example configures probe1 to use HTTP request raw: 


(config)#probe probe1 http-request 
(config-probe-probe1 )#type raw 
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NETWORK MONITOR PROBE RESPONDER CONFIGURATION 
COMMAND SET 


This section explains the commands available for Network Monitoring Probe Responders. A probe 
responder is the general term used for a variety of server applications that respond to the network monitor 
probe types. The Two-Way Active Measurement Protocol (TWAMP) probe responder encompasses the 
responder side of the TWAMP-Control protocol by responding to TWAMP-Control messages and acting as 
a remote endpoint for test packets. The Internet Control Message Protocol (ICMP)-timestamp probe 
responder responds to ICMP timestamp request packets so that it can act as a remote endpoint for ICMP 
timestamp probes. Commands common to all the probe responder types are identified in the following 
section, as well as isolated commands that only apply to the specific probe responder types. 


To activate the Network Monitor Probe Responder Configuration mode, enter the probe responder 
command at the Global Configuration mode prompt followed by the probe type. Specify the probe 
responder type of icmp-timestamp, twamp, and udp-echo. For example: 


>enable 

#configure terminal 
(config)#probe responder twamp 
(config-responder-twamp)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


do on page 49 
exit on page 51 


The following commands are applicable to ICMP timestamp probe responder types and can be executed 
after this command: 


(config)#probe responder icmp-timestamp 


access-class <name> in on page 2179 


shutdown on page 2183 
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The following commands are applicable to TWAMP probe responder types and can be executed after this 
command: 


(config)#probe responder twamp 


access-class <name> in on page 2179 
control source-port on page 2150 
max-sessions <value> on page 2181 
port <value> on page 2182 

shutdown on page 2183 


source-interface <interface> on page 2184 


The following commands are applicable to User Datagram Protocol (UDP) echo probe responder types and 
can be executed after this command: 


(config)#probe responder udp-echo 


access-class <name> in on page 2179 
port <value> on page 2182 
shutdown on page 2183 


source-interface <interface> on page 2184 
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access-class <name> in 


Use the access-class in command to specify an access control list (ACL) to filter access to the responder. 
Use the no form of this command to remove the ACL from the responder. 


Syntax Description 


<name> Specifies a name of the ACL. 


Default Values 





By default, no ACL is configured. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example sets an ACL for the TWAMP responder: 


(config)#probe responder twamp 
(config-responder-twamp)#access-class Anet in 
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control source-port 


Use the control source-port command to specify the Two-Way Active Measurement Protocol (TWAMP) 
source control port. Use the no form of this command to return to the default setting. Variations of this 
command include: 


control source-port owamp-control 
control source-port <port> 


Syntax Description 





owamp-control Specifies One-Way Active Measurement Protocol (OWAMP) control port 
(861) as the source port. 

<port> Specifies a TWAMP control port as the source port. The valid range is 1 to 
65535. 


Default Values 


No default is set for this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example specifies the OWAMP control port as the source control port for the TWAMP 
responder: 


(config)#probe responder twamp 
(config-responder-twamp)#control source-port owamp-control 
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max-sessions <value> 


Use the max-sessions command to specify the number of simultaneous TWAMP-control sessions the 
responder can handle. Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies the maximum number of simultaneous TWAMP-control sessions. 


Default Values 





By default, the maximum sessions is 10. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example specifies the max-sessions value of 5: 


(config)#probe responder twamp 
(config-responder-twamp)#max-sessions 5 
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port <value> 


Use the port command to specify the User Datagram Protocol (UDP) port to listen for and respond to UDP 
echo packets. Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies the port number. Valid range is 1 to 65535. 


Default Values 





By default, the UDP port value is 6. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example specifies port 5055 as the UDP port for the UDP echo responder: 


(config)#probe responder udp-echo 
(config-responder-udp)#port 5055 
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shutdown 
Use the shutdown command to disable a responder and cause it to cease operation. While a responder is 


shut down, it will not respond to probe packets. Use the no form of this command to enable a responder to 
respond to probe traffic. 


Syntax Description 





No subcommanas. 


Default Values 





By default, probe responders are shut down when created. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example enables responder twamp: 


(config)#probe responder twamp 
(config-responder-twamp)#no shutdown 
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source-interface <interface> 
Use the source-interface command to specify an interface with the primary Internet Protocol (IP) address 


used as the source address for responder traffic that originated from the unit. Use the no form of this 
command to return to the default setting. 


Syntax Description 





<interface> Specify an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
dotitap 1/1.1. 


Default Values 





By default, the source interface is not configured. 


Command History 


Release 17.2 Command was introduced. 


Usage Examples 





The following example configures the source interface as vlan1: 


(config)#probe responder twamp 
(config-responder-twamp)#source-interface vian1 
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NETWORK MONITOR TRACK CONFIGURATION COMMAND SET 





This section explains the commands available for Network Monitoring Tracks. Tracks are objects created 
to monitor network probes for a change in their state. The tracks can be configured to perform a specific 
action based upon the probe state detected. Association between a track and a probe occurs through 
referencing the probe in the track’s configuration. Once the track is registered with the probe, whenever a 
change occurs with the probe’s state, an event is sent to the track. 


Additional configuration commands are available for creating probes. These are explained in the Network 
Monitor Probe Configuration Command Set on page 2150. 


To activate the Network Monitor Track Configuration mode, enter the track command at the Global 
Configuration mode prompt followed by the name of the track. For example: 


>enable 

#configure terminal 
(config)#track track1 
(config-track-track1)# 


The following command is common to multiple command sets and is covered in a centralized section of 
this guide. For more information, refer to the sections listed below: 


exit on page 51 
All other commands for this command set are described in this section in alphabetical order: 


dampening-interval on page 2156 
log-changes on page 2187 

shutdown on page 2188 

test if on page 2189 

test list on page 2193 

test list weighted on page 2196 
time-schedule <name> on page 2199 
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dampening-interval 


Use the dampening-interval command to specify an amount of time to wait before allowing a new probe 
status change to trigger a new action. Use the no form of this command to return to the default. Variations 
of this command include: 


dampening-interval <va/ue> 
dampening-interval fail<va/ue> 
dampening-interval pass <value> 


Syntax Description 





<value> Specifies the time interval value in seconds. Valid range is 0 to 4294967295 
seconds. If neither the fail or pass subcommand is specified, the value will 
be used for both conditions. 


fail <value> Specifies the delay in seconds active following pass-to-fail transitions. 
pass <value> Specifies the delay in seconds active following fail-to-pass transitions. 


Default Values 





By default, the interval is set to 0 seconds. 


Command History 





Release 13.1 Command was introduced. 
Release 14.1 Command was expanded to included fail and pass criteria. 


Usage Examples 





The following example sets the dampening interval to 90 seconds for a fail-to-pass transition: 


(config)#track track1 
(config-track-track1)#dampening-interval pass 90 
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log-changes 


Use the log-changes command to enable logging of status changes. When enabled, probe state transitions 
are displayed (real time) on the terminal (or Telnet) screen. Unlike track debug commands, the 
log-changes command appears in the running configuration and can be saved to persist through a unit 
restart. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this feature is disabled. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example enables the logging of status changes: 


(config)#track track1 
(config-track-track1)#log-changes 
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shutdown 


Use the shutdown command to disable a track. While a track is shut down, it is forced to fail. Use the no 
form of this command to enable a track. 


Syntax Description 


No subcommanas. 


Default Values 





By default, tracks are active when created. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 





A track must be created first using the track command in the Global Configuration mode. Refer to the 
command track <name> on page 947 for more information. Issuing the shutdown command at the track 
configuration prompt will force the track to fail. 


Usage Examples 





The following example enables track1: 


(config)#track track1 
(config-track-track1)#no shutdown 
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test if 


Use the test if command to specify a single object (schedule, probe, or interface) to be tested. Use the no 
form of this command to remove the track test. Variations of this command include: 


test if interface <interface> ip-routing 

test if interface <interface> line-protocol 
test if probe <name> 

test if schedule <name> 

test if not interface <interface> ip-routing 
test if not interface <interface> line-protocol 
test if not probe <name> 

test if not schedule <name> 


Syntax Description 





interface <interface> Specifies an interface as the object to be tested. Specify an interface in 
the format <interface type [slot/port | slot/port.subinterface id | interface id | 
interface id.subinterface id]>. For example, for an Ethernet subinterface, 
use eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use 
atm 1.1; and for a virtual local area network interface, use vlan 1. Type test 
if interface ? for a complete list of valid interfaces. 


ip-routing Specifies the interface’s ability to perform IP routing will be tested. 

line-protocol Specifies the line-protocol state of an interface will be tested. 

not Optional. Negates the test results when specifying a single object 
(schedule, probe, or interface) to be tested. 

probe <name> Specifies the name of the probe. 

schedule <name> Specifies the name of the schedule. 





Network monitoring probes and their associated names are created using the command 
probe on page 885. Schedules and their associated names are created using the command 

‘woe schedule <name> on page 905. More information on interface commands is available in 
Common Commands on page 52. 





Default Values 





By default, a track is not associated with any probes or interfaces. 


Functional Notes 





The test if command specifies a conditional test where the track state (pass or fail) is dependant upon the 
state of the object (probe, schedule, or interface) being tested. For example, the track will PASS if the 
schedule or probe is in an ACTIVE or PASS state. Conversely, the track will FAIL if the schedule or probe 
is in an INACTIVE or FAIL state. 
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The test if not command specifies a conditional test where the track state (pass or fail) is dependant upon 
the state of the object (probe, schedule, or interface) being tested. The not keyword indicates that the track 
state will negate the result of the object test. For example, the track will FAIL if the schedule or probe is in 
an ACTIVE or PASS state. Conversely, the track will PASS if the schedule or probe is in an INACTIVE or 
FAIL state. 


An interface is IP routing if its line-protocol state is up and if it has a valid, non-zero IP address. This means 
that interfaces using DHCP or negotiated PPP will not pass until their primary IP address is dynamically 
configured. 


Command History 





Release 15.1 Command was introduced. 
Release 16.1 Command was expanded to include the interface parameter. 


Usage Examples 


The following example demonstrates the use of the test if probe command to specify a single object to 
test: 


(config)#track PINGTEST 
(config-track-PINGTEST)#test if probe PINGREMOTE 


The following example demonstrates the logic of the test if not command used with schedule tracking: 


(config)#track DELAY 
(config-track-DELAY)#test if not schedule DELAY-AFTER-BOOT 





The inverse logic of this command means that track DELAY will pass only if the schedule 
‘wore DELAY-AFTER-BOOT is inactive. 





The explanation that follows uses a real-world example to provide insight into the example above: 


A customer has a primary Ethernet WAN interface, as well as a dial-on-demand interface enabled on an 
AOS unit. The demand interface is intended as a backup for the primary Ethernet interface. During router 
initialization and bootup, the Ethernet interface negotiates an IP address and default route from a DHCP 
server. Due to this negotiation process, the active state of the Ethernet interface lags behind that of the 
demand interface. As a result, the Ethernet interface appears “down” and the demand interface dials out to 
back up the connection. The customer would like to prevent the demand interface from dialing out before 
the Ethernet connection has had a chance to obtain its DHCP settings and become active. It is determined 
that 180 seconds is a sufficient amount of time to allow for the Ethernet interface to become active. 


The following bullets describe the setup via CLI to accomplish the customer's goals: 


*« Aschedule called DELAY-AFTER-BOOT is created and specified to become active 180 seconds after 
the AOS unit has booted up. 


« A track named DELAY is created. 
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* Track DELAY is associated with the schedule DELAY-AFTER-BOOT via the following command: 
(config-track-DELAY)#test if not schedule DELAY-AFTER-BOOT 


The inverse logic of this command means that track DELAY will pass only if the schedule 
DELAY-AFTER-BOOT is inactive. Therefore, this track will pass only during the first 180 seconds 
following boot up of the AOS unit. 


¢ Adefault route to null interface 0 is created and associated with track DELAY. This default route will 
only be inserted into the routing table when track DELAY is in the pass state. The administrative 
distance for the default route to null interface 0 is 10 and is set to be lower than the administrative 
distance for the demand interface default route (200). 


Output from the show run command summarizes the CLI configuration: 
#show run 
(some output omitted)... 


schedule DELAY-AFTER-BOOT 

!! Schedule is Inactive for first 180 seconds, then Active thereafter 
relative start-after 180 

| 

track DELAY 

log-changes 

test if not schedule DELAY-AFTER-BOOT 

no shutdown 

| 

!!! Below is a default route to null 0 with an admin distance of 
!!! 10 that is tracked by DELAY and a default route to demand 1 
!!! with admin distance of 200 

ip route 0.0.0.0 0.0.0.0 null 0 10 track DELAY 

ip route 0.0.0.0 0.0.0.0 demand 1 200 


Since track DELAY is in a pass state during the first 180 seconds after the AOS unit has booted up, the 
default route to null interface 0 will be in effect and all traffic using the default route in the route table will be 
routed to null interface 0. The demand interface will not be activated during the first 180 seconds because 
the default route to null interface 0 has a lower administrative distance than the demand interface default 
route. 


As soon as a default route has been assigned to the primary Ethernet WAN interface, the route will appear 
in the routing table with an administrative distance of 1 (which is lower than the administrative distance of 
10 for the null interface). Due to the lower administrative distance, all traffic using the default route in the 
route table will switch to the default route associated with the primary Ethernet interface. 


180 seconds after boot up, the schedule DELAY-AFTER-BOOT becomes active. Subsequently, track 
DELAY fails. The default route to null interface 0 is removed from the routing table and will not be placed in 
the route table again as long as the AOS unit is up. The two default routes that remain are the current 
default route to the primary WAN Ethernet interface (administrative distance is 1) and the back-up default 
route to the demand interface (administrative distance is 200). 
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The following example uses the test if interface command to specify testing the IP routing capability of an 
Ethernet interface: 


(config)#track track1 
(config-track-track1)#test if interface ethernet 0/1 ip-routing 


To view the results of the test, use the do show track track1 command: 


(config-track-track1)#do show track track1 
Current State: FAIL (Admin: UP) 
Testing: 
interface eth 0/1 ip-routing (FAIL) 
Dampening Interval: 1 seconds 
Time in current state: O days, 0 hours, 0 minutes, 4 seconds 
Track State Changes: 1 
Tracking: 
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test list 


Use the test list command to enter the Boolean Track Test List command set, which is used to specify 
multiple objects (schedule, probe, or interface) to be tested. Use the no form of this command to remove 
the test list. Variations of this command include: 


test list and 
test list or 


The following additional subcommands are available once you have entered the Boolean Track Test List 
Configuration Mode: 


if interface <interface> ip-routing 

if interface <interface> line-protocol 

if probe <name> 

if schedule <name> 

if not interface <interface> ip-routing 

if not interface <interface> line-protocol 
if not probe <name> 

if not schedule <name> 





When using any command under the Boolean AND/OR track test list, it is important to 
remember how the logic will affect every object in the track test list. 





Syntax Description 


and Specifies the relationship between all objects placed in this list. The 
logical AND relationship means that all objects in this list must be in 
the PASS state for the track test list to pass, or at least one object in 
a FAIL state for the track test list to fail. 


or Specifies the relationship between all objects placed in this list. The 
logical OR relationship means that only one of the objects in this list 
must be in the PASS state for the track test list to pass, and all 
objects in a FAIL state for the track test list to fail. 


if [probe | schedule | interface] Specifies a single conditional test to be added to the test track list. 


if not [probe | schedule | interface] Specifies a single conditional test to be added to the test track list. 
The not keyword indicates that the individual track state will negate 
the result of the object test. 


<interface> Specifies the interface to be added to the test track list. Specify an 
interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface ia]>. 
For example, for an Ethernet subinterface, use eth 0/1.1; fora PPP 
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for 
a virtual local area network interface, use vlan 1. Type if interface 
? for a complete list of valid interfaces. 
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ip-routing Specifies the interface’s ability to perform IP routing will be tested. 
line-protocol Specifies the line-protocol state of an interface will be tested. 
<name> Specifies the name of the probe or schedule. 





Network monitoring probes and their associated names are created using the command 
probe on page 885. Schedules are created and defined using the command schedule 

‘one <name> on page 905. More information on interface commands is available in Common 
Commands on page 52. 





Default Values 





By default, a track list does not exist. 


Command History 





Release 15.1 Command was introduced. 
Release 16.1 Command was expanded to include the interface parameter. 


Functional Notes 





There is no limit to how many probes, schedules, or interfaces can be tested within a single test list. 
However, only one type (AND, OR, or weighted) of test list can exist on a track at any given time. 


An interface is IP routing if its line-protocol state is up and if it has a valid, non-zero IP address. This means 
that interfaces using DHCP or negotiated PPP will not pass until their primary IP address is dynamically 
configured. 


Usage Examples 


The following example demonstrates use of the test list and command to create a Boolean track test list 
where ALL tests must PASS in order for the track to PASS. The test list for track LB contains two probe 
tests, LB and LB2. 


config)#track LB 

config-track-track LB)#test list and 
config-track-track LB test)#if probe LB 
config-track-track LB test)#if probe LB2 
config-track-track LB test)#exit 
config-track-track LB)#no shutdown 


mn n i= = 


The show track LB command is executed to see whether track LB is in a PASS state: 


#show track LB 
Current State: PASS (Admin: UP) 
Testing: 
probe LB (PASS) 
AND probe LB2 (PASS) 
Dampening Interval: 1 seconds 
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Time in current state: 0 days, 0 hours, 0 minutes, 29 seconds 
Track State Changes: 2 
Tracking: 


Currently, track LB is ina PASS state. Due to the AND Boolean logic for this test list, track LB is ina PASS 
state because the test probe statements within the test list (probe LB and LB2) are also BOTH in a PASS 
state. 


Now, probe LB has been forced to fail for demonstration purposes in this example. Output from the show 
track LB command shows track LB in a FAIL state. 


(config-loop 1)#do show track LB 


Current State: FAIL (Admin: UP) 

Testing: 

probe LB (FAIL) 

AND probe LB2 (PASS) 

Dampening Interval: 1 seconds 

Time in current state: O days, 0 hours, 0 minutes, 10 seconds 
Track State Changes: 3 

Tracking: 


Probe LB is now in a FAIL state. As a result, track LB is also in a FAIL state. 





If the test list in this example had specified the OR Boolean logic (using the test list or 
‘one commana), then track LB would have passed even though one of the test probes was in the 
FAIL state. 
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test list weighted 


Use the test list weighted command to enter the Weighted Track Test List Configuration mode, which is 
used to specify multiple objects (schedules, probes, or interfaces) to be tested. Objects listed in a weighted 
track test are assigned a specific weight value. The total weight of all the objects in the list is compared to 
a user-specified threshold to determine whether the track passes or fails. Use the no form of this command 
to remove the test list. 


The following additional subcommands are available once you have entered the Weighted Track Test List 
Configuration mode: 


if interface <interface> ip-routing weight <value> 

if interface <interface> line-protocol weight <va/ue> 

if probe <name> weight <value> 

if schedule <name> weight <value> 

if not interface <interface> ip-routing weight <value> 

if not interface <interface> line-protocol weight <value> 
if not probe <name> weight <value> 

if not schedule <name> weight <value> 

threshold <number> 

threshold pass <number> fail <number> 


Syntax Description 


if [probe | schedule | interface] Specifies a single conditional test to be added to the test track list. 


if not [probe | schedule | interface]Specifies a single conditional test to be added to the test track list 
The not keyword indicates that the individual track state will negate 
the result of the object test. 


<interface> Specifies the interface to be added to the test track list. Specify an 
interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface iad]>. 
For example, for an Ethernet subinterface, use eth 0/1.1; fora PPP 
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and for a 
virtual local area network interface, use vlan 1. Type if interface ? 
for a complete list of valid interfaces. 


ip-routing Specifies the interface’s ability to perform IP routing will be tested. 

line-protocol Specifies the line-protocol state of an interface will be tested. 

<name> Specifies the name of the probe or schedule. 

weight <value> Specifies the weight value to use if this test is successful. Range is 1 
to 65,535. 

threshold <number> Specifies a baseline weight for state transitions. Range is 1 to 
4,294,967,295. 

pass <number> Optional. Specifies the number which, if reached or exceeded, will 
change the state of the track test list to pass. Range is 1 to 
4,294,967,295. 
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fail <number> Optional. Specifies the number that will change the state of the track 
test list to fail. Range is 1 to 4,294,967,295. 





Network monitoring probes and their associated names are created using the command 
probe on page 885. Schedules are created and defined using the command schedule 

‘wore <name> on page 905. More information on interface commands is available in Common 
Commands on page 52. 





Default Values 





By default, a track list does not exist. 


Command History 





Release 15.1 Command was introduced. 
Release 16.1 Command was expanded to include the interface parameter. 


Functional Notes 





There is no limit to how many probes, schedules, or interfaces can be tested within a single test list. 
However, only one type (AND, OR, or weighted) of test list can exist on a track at any given time. 


An interface is IP routing if its line-protocol state is up and if it has a valid, non-zero IP address. This means 
that interfaces using DHCP or negotiated PPP will not pass until their primary IP address is dynamically 
configured. 


Usage Examples 





The following example demonstrates use of the test list weighted command. The list contains three probe 
tests and each test has been assigned a different weight value (10, 20, and 30). When a probe test 
passes, its weight is added to the sum of the weights from other successful tests contained within the 
Weighted Track Test List. The pass threshold in this example is set to 35. The sum of all the weights must 
meet or exceed the value of 35 before the Weighted Track Test List will transition to a PASS state. The fail 
threshold in this example is set to 25. Therefore, if the sum of all the weights falls below the value of 25, the 
Weighted Track Test List will transition to a FAIL state. 


config)#track LB-test 

config-track-LB-test)#test list weighted 
config-track-LB-test-test)#if probe LB weight 10 
config-track-LB-test-test)#if probe LB2 weight 20 
config-track-LB-test-test)#if probe LB3 weight 30 
config-track-LB-test-test)#threshold pass 35 fail 25 
config-track-LB-test-test)#exit 
config-track-LB-test)#no shutdown 


( 
( 
( 
( 
( 
( 
( 
( 


The show track LB-test command is executed to see whether track LB-test is in a PASS state: 


#show track LB-test 
Current State: PASS = (Admin: UP) 
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Testing: 
+10 if probe LB (PASS) 
+20 if probe LB2 (PASS) 
+30 if probe LB3 (PASS) 
Total = 60 currently, < 25 changes state to FAIL 
Dampening Interval: 1 seconds 
Time in current state: 2 days, 5 hours, 21 minutes, 13 seconds 
Track State Changes: 0 
Tracking: 


Currently, all probe test commands are in the PASS state. Therefore, the sum of the assigned weights 
equals 60. The value of 60 exceeds the specified pass threshold of 35. As a result, the current state of the 
track is PASS. 


Probe LB and probe LB3 have been forced to fail for demonstration purposes in this example. Output from 
the show track LB-test command shows track LB-test to be in a FAIL state. 


(config-loop 1)#do show track LB-test 

Current State: FAIL (Admin: UP) 

Testing: 

+10 if probe LB (FAIL) 

+20 if probe LB2 (PASS) 

+30 if probe LB3 (FAIL) 

Total = 20 currently, >= 35 changes state to PASS 
Dampening Interval: 1 seconds 

Time in current state: 0 days, 0 hours, 0 minutes, 33 seconds 
Track State Changes: 1 

Tracking: 


Only probe LB2 is in the PASS state. Therefore, the sum of the assigned weights equals 20. The value of 
20 falls below the FAIL threshold of 25. As a result, the current state of the track is now FAIL. 
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time-schedule <name> 


Use the time-schedule command to specify the time period a track has an affect. While the specified 
schedule is active, the track follows the state of its associated probe. Use the no form of this command to 
remove the time schedule from this track. Refer to the command schedule <name> on page 905 for more 
information on creating and modifying a schedule. Variations of this command include: 


time-schedule <name> pass 
time-schedule <name> fail 


Syntax Description 





<name> Specifies the name of the time schedule to apply. 
pass Specifies that the track status is PASS when the schedule is inactive. 
fail Specifies that the track status is FAIL when the schedule is inactive. 


Default Values 





By default, no time schedule is assigned to the track. Therefore, the track always follows the state of its 
associated probe. 


Command History 





Release 14.1 Command was introduced. 


Release 15.1 Command was expanded to allow specification of the track state when the 
schedule is inactive. 


Usage Examples 





The following example specifies that schedule1 will be used to determine when track1 follows the state of 
its probe: 


(config)#track track1 
(config-track-track1)#time-schedule schedule1 pass 
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ROUTER (OSPF) CONFIGURATION COMMAND SET 





To activate the Router (OSPF) Configuration mode, enter the router ospf command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#router ospf 
(config-ospf)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


area <area id> default-cost <value> on page 2201 

area <area id> range <ip address> <subnet mask> on page 2202 
area <area id> stub on page 2203 

auto-cost reference-bandwidth <value> on page 2204 
default-information-originate on page 2205 

default-metric <value> on page 2206 

distance <number> on page 2207 

maximum-paths <value> on page 2209 

network <ip address> <wildcard mask> area <area id> on page 2210 
redistribute bgp on page 2211 

redistribute connected on page 2212 

redistribute rip on page 2213 

redistribute static on page 2215 

summary-address <ip address> <subnet mask> on page 2217 
timers lsa-group-pacing <value> on page 2218 

timers spf <delay> <hold> on page 2219 
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area <area id> default-cost <value> 


Use the area default-cost command to assign a cost of the default summary route sent into a stub area or 
not-so-stubby-area (NSSA). Use the no form of this command to delete the assigned cost. 


Syntax Description 


<area id> Specifies the identifier for this area. Specifies as an integer (range is 0 to 
4294967295) or an IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<value> Specifies the default summary route cost. Range is 0 to 166777214. 


Default Values 





By default the summary route cost is set to 0. There is no default for the area ID. 


Command History 


Release 3.1 Command was introduced. 


Usage Examples 





The following example defines a default cost of 85 to a specific area: 


(config)#router ospf 
(config-ospf)#area 192.22.72.0 default-cost 85 
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area <area id> range <ip address> <subnet mask> 


Use the area range command to configure area route summarizations and to determine whether an address 
range is advertised to the networks. Use the no form of this command to return to disable this feature. 
Variations of this command include: 


area <area id> range </p address> <subnet mask> advertise 
area <area id> range <ip address> <subnet mask> not-advertise 


Syntax Description 





<area id> Specifies the identifier for this area. Specifies as an integer (range is 0 to 
4,294 ,967,295) or an IP address. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 


<ijpp address> Specifies the IP address of the advertised summary route. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


advertise Specifies that the address range will be advertised to other networks. 
not-advertise Specifies that the address range will not be advertised to other networks. 


Default Values 
By default, OSPF is not enabled. 





Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example defines an address range for a specific area that allows the unit to advertise this 
range to other networks: 


(config)#router ospf 
(config-ospf)#area 11.0.0.0 range 11.0.0.0 255.0.0.0 advertise 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2202 


Command Reference Guide Router (OSPF) Configuration Command Set 





area <area id> stub 


Use the area stub command to configure an area as a stub area. Use the no form of this command to 
disable stub-designation for areas defined as stubs using this command. Variations of this command 
include: 


area <area id> stub 
area <area id> stub no-summary 


Syntax Description 





<area id> Specifies the identifier for this area. Specifies as an integer (range is 0 to 
4,294 ,967,295) or an IP address. IP addresses should be expressed in 
dotted decimal notation (for example, 10.10.10.1). 


no-summary Optional. Designates the area as a total stub area. No summary link 
advertisements will be sent by the ABR into the stub area. 


Default Values 
By default, OSPF is not enabled. 


Command History 





Release 3.1 Command was introduced. 


Technology Review 


It is important to coordinate configuration of all routers and access servers in the stub area. The area stub 
command must be configured for each of those pieces of equipment. Use the area router configuration 
command with the area default-cost command to specify the cost of a default internal router sent into a 
stub area by an ABR. Refer to area <area id> default-cost <value> on page 2201 for related information. 


Usage Examples 





The following example configures area 2 as a stub area: 


(config)#router ospf 
(config-ospf)#area 2 stub 
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auto-cost reference-bandwidth <value> 
Use the auto-cost reference-bandwidth command to assign a different interface cost to an interface. It 


may be necessary to assign a higher number to high-bandwidth links. This value is used in OSPF metric 
calculations. Use the no form of this command to return to the default setting. 


Syntax Description 





<value> Sets the default reference bandwidth rate in Mbps. Range is 1 to 
4294967 Mbps. 


Default Values 





By default, the rate is set to 100. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example sets the auto-cost reference-bandwidth to 1000 Mbps: 


(config)#router ospf 
(config-ospf)#auto-cost reference-bandwidth 1000 
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default-information-originate 


Use the default-information-originate command to cause an ASBR to generate a default route. It must 
have its own default route before it generates one unless the always keyword is used. Use the no form of 
this command to return to the default setting. Variations of this command include: 


default-information-originate 

default-information-originate always 

default-information-originate always metric <value> 
default-information-originate always metric <va/ue> metric-type <type> 
default-information-originate always metric-type <type> 
default-information-originate metric <va/ue> 
default-information-originate metric <va/ue> metric-type <type> 
default-information-originate metric-type <type> 


Syntax Description 


always Optional. Specifies to always advertise default route. 
metric <value> Optional. Configures the metric value. Range is 0 to 16777214. 
metric type <type> Optional. Configures the metric type. Select from types 1 or 2. 


Default Values 





By default, the metric value is set to 10 and the metric type is set to 2. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example configures a router to always advertise default routes and assigns the default router 
a metric value of 10000 and a metric type of 2: 


(config)#router ospf 
(config-ospf)#default-information-originate always metric 10000 metric-type 2 
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default-metric <va/ue> 


Use the default-metric command to set a metric value for redistributed routes. Use the no form of this 
command to return to the default setting. 


Syntax Description 
<value> Sets the default metric value. Range is 0 to 4294967295. 


Default Values 





By default, default-metric value is set at 20. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





The metric value defined using the redistribute command overrides the default-metric command’s metric 
setting. Refer to redistribute ospf on page 2234 for related information. 


Usage Examples 





The following example shows a router using both RIP and OSPF routing protocols. The example 
advertises RIP-derived routes using the OSPF protocol and assigns the RIP-derived routes an OSPF 
metric of 10. 


(config)#router ospf 
(config-ospf)#default-metric 10 
(config-ospf)#redistribute rip 
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distance <number> 


Use the distance command to overwrite the OSPF route administrative distance. This can be the same for 
all OSPF routes or different based on the route type. Use the no form of this command to set the OSPF 
administrative distance to the default value. Variations of this command include: 


distance <number> 

distance ospf intra-area <number> 
distance ospf inter-area <number> 
distance ospf external <number> 


Syntax Description 





<number> Specifies the administrative distance to use when adding OSPF routes into 
the route table. Range is 0 to 255. 


intra-area Specifies using a unique administrative distance for route paths between a 
source and destination in the same routing area. 


inter-area Specifies using a unique administrative distance for route paths between a 
source and destination in different areas. 


external Specifies using a unique administrative distance for route paths between 
different autonomous systems. 


Default Values 





By default, 110 is the administrative distance for OSPF routes. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 


The following example configures external OSPF routes to use an administrative distance of 20 while other 
OSPF routes continue to use the default value of 110: 


(config)#router ospf 
(config-ospf)#distance ospf external 20 


Technology Review 





An autonomous system (AS) is a set of routers under common administration control that usually use a 
common routing strategy. Each AS is composed of routing areas, which are groups of adjoining networks 
and attached hosts. Intra-area routing occurs when the source and destination hosts are in the same area; 
inter-area routing occurs when the source and destination hosts are in different areas; and external routing 
occurs when communication is between different ASs. 
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Administrative distance is a feature that routers employ in order to select the most reliable path when there 
are two or more routes to the same destination from two different routing protocols. Administrative distance 
defines the reliability of a routing protocol by assigning a value (the smaller the value the more trustworthy 
the protocol) that is then used by the router to organize routing protocols according to reliability. 
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maximum-paths <value> 
Use the maximum-paths command to specify the number of parallel routes (shared paths) OSPF can 


inject into the route table. When IP load sharing is enabled, traffic is balanced to a specific destination 
across up to six equal paths. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the number of routes OSPF can insert into the route table. Valid 
range is 1 to 6. 


Default Values 





By default, the maximum-paths value is 4. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of multipath routes OSPF can insert in the route table 
to 5. 


(config)#router ospf 
(config-ospf)#maximum-paths 5 
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network </p address> <wildcard mask> area <area id> 
Use the network area command to enable routing on an IP stack and to define area IDs for the interfaces 


on which OSPF will run. Use the no form of this command to disable OSPF routing for interfaces defined 
using this command. 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 

<wildcard> Specifies the wildcard mask that corresponds to a range of IP addresses 
(network). Wildcard masks are expressed in dotted decimal notation (for 
example, 0.0.0.255). 

<area id> Specifies the identifier for this area. Specifies as an integer (range is 0 to 
4294967295) or an IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


Default Values 





No default values required for this command. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





In order for OSPF to operate on an interface, the primary address for the interface must be included in the 
network area command. Assigning an interface to an OSPF area is done using the network area 
command. There is no limit to the number of network area commands used on a router. If the address 
ranges defined for different areas overlap, the first area in the network area command list is used and all 
other overlapping portions are disregarded. Try to avoid overlapping to avoid complications. 


Usage Examples 
In the following example, the OSPF routing process is enabled and two OSPF areas are defined: 
(config)#router ospf 


(config-ospf)#network 192.22.72.101 0.0.0.255 area 0 
(config-ospf)#network 10.0.0.0 0.255.255.255 area 10.0.0.0 
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redistribute bgp 


Use the redistribute bgp command to advertise routes from one protocol to another. Using the bgp 
keyword allows the advertisement of BGP routes into the OSPF routing protocol. This will advertise BGP 
routes on OSPF-enabled interfaces. It does not enable OSPF on all interfaces. Use the no form of this 
command to disable the propagation of the specified route type. Variations of this command include: 


redistribute bgp 

redistribute bgp metric <va/ue> 
redistribute bgp metric-type <type> 
redistribute bgp route-map <name> 
redistribute bgp subnets 


Syntax Description 





metric <value> Optional. Specifies an OSPF metric value to be assigned to routes learned 
via BGP. 

metric-type <type> Optional. Specifies a type 1 or type 2 external route as the external link 
type. If not specified, the default is 2. 

route-map <name> Optional. Specifies the route map access-list filter to use for advertising 
redistributed BGP routes in OSPF. 

subnets Optional. Specifies subnet redistribution when redistributing routes into 
OSPF. 


Default Values 





By default, this command is disabled. 


Command History 


Release 14.1 Command was introduced. 


Functional Notes 





Redistributing BGP routes imports those routes into OSPF without the interfaces in question actually 
participating in OSPF. The BGP routes imported this way are not covered by a network command and do 
not send/receive OSPF traffic. This allows OSPF to learn and distribute routes to networks that do not 
participate in OSPF. 


Usage Examples 





The following example imports BGP routes into OSPF: 


(config)#router ospf 
(config-ospf)#redistribute bgp 
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redistribute connected 


Use the redistribute connected command to advertise routes from one protocol to another. Using the 
connected keyword allows the advertisement of connected routes into the OSPF routing protocol. This 
will advertise all connected routes on OSPF-enabled interfaces. It does not enable OSPF on all interfaces. 
Use the no form of this command to disable the propagation of the specified route type. Variations of this 
command include: 


redistribute connected 

redistribute connected metric <va/lue> 
redistribute connected metric-type <type> 
redistribute connected route-map <name> 
redistribute connected subnets 


Syntax Description 





metric <value> Optional. Specifies an OSPF metric value to be assigned to connected 
routes. (if no other value is specified). 

metric-type <type> Optional. Specifies a type 1 or type 2 external route as the external link 
type. If not specified, the default is 2. 

route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 
static routes in OSPF. 

subnets Optional. Specifies subnet redistribution when redistributing routes into 
OSPF. 


Default Values 





By default, this command is disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 10.1 Subcommands were added. 
Release 14.1 Command was expanded to included route map filtering. 


Functional Notes 


Redistributing connected routes imports those routes into OSPF without the interfaces in question actually 
participating in OSPF. The connected routes imported this way are not covered by a network command 
and do not send/receive OSPF traffic. 


Usage Examples 


The following example imports connected routes into OSPF: 


(config)#router ospf 
(config-ospf)#redistribute connected 
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redistribute rip 


Use the redistribute rip command to advertise routes from one protocol to another, regardless of the 
routing protocol implemented on the routing domain. Using the rip keyword allows the propagation of RIP 
routes into OSPF. It does not enable OSPF on all interfaces. Use the no form of this command to disable 
the propagation of the specified route type. Variations of this command include: 


redistribute rip 

redistribute rip metric <value> 
redistribute rip metric-type <type> 
redistribute rip route-map <name> 
redistribute rip subnets 


Syntax Description 





rip Specifies advertising RIP routes using OSPF. 

metric <value> Optional. Specifies a metric value to be carried from one OSPF process to 
the next (if no other value is specified). 

metric-type <type> Optional. Specifies a type 1 or type 2 external route as the external link 
type. If not specified, the default is 2. 

route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 
static routes in OSPF. 

subnets Optional. Specifies subnet redistribution when redistributing routes into 
OSPF. 


Default Values 





By default, this command is disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 10.1 Subcommands were added. 
Release 14.1 Command was expanded to included route map filtering. 


Functional Notes 





Redistributing RIP routes imports routes learned via RIP into OSPF. RIP routes imported this way are not 
covered by a network command. 
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Usage Examples 





The following example imports RIP routes into OSPF: 


(config)#router ospf 
(config-ospf)#redistribute rip 
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redistribute static 


Use the redistribute static command to advertise routes from one protocol to another, regardless of the 
routing protocol implemented on the routing domain. Using the static keyword allows the advertisement 
of static routes into the OSPF routing protocol. This will advertise all static routes on OSPF-enabled 
interfaces. It does not enable OSPF on all interfaces. Use the no form of this command to disable the 
propagation of the specified route type. Variations of this command include: 


redistribute static 

redistribute static metric <va/ue> 
redistribute static metric-type <type> 
redistribute static route-map <name> 
redistribute static subnets 


Syntax Description 





static Specifies advertising static routes using OSPF. 

metric <value> Optional. Specifies a metric value to be carried from one OSPF process to 
the next (if no other value is specified). 

metric-type <type> Optional. Specifies a type 1 or type 2 external route as the external link 
type. If not specified, the default is 2. 

route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 
static routes in OSPF. 

subnets Optional. Specifies subnet redistribution when redistributing routes into 
OSPF. 


Default Values 





By default, this command is disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 10.1 Subcommands were added. 
Release 14.1 Command was expanded to include route map filtering. 


Functional Notes 





Redistributing static routes imports static routes into OSPF. Static routes imported this way are not covered 
by a network command. This allows OSPF to advertise routes that are configured as static routes without 
the identified network participating in OSPF. 
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Usage Examples 





The following example imports static routes into OSPF: 


(config)#router ospf 
(config-ospf)#redistribute static 
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summary-address <ip address> <subnet mask> 


Use the summary-address command to control address summarization of routes that are redistributed into 
OSPF from other sources (for example, RIP-to-OSPF, static-to-OSPF, etc.). Variations of this command 
include: 


summary-address <ip address> <subnet mask> 
summary-address <ip address> <subnet mask> not-advertise 


Syntax Description 





<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). 


<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 
(network) or a specific host. Subnet masks can be expressed in dotted 
decimal notation (for example, 255.255.255.0) or as a prefix length (for 
example, /24). 


not-advertise Optional. Causes suppression of routes that match the specified IP address 
and subnet mask. 


Default Values 





By default, this command is disabled. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 


The following example suppresses advertisement of the routes which match the specified IP address and 
subnet mask: 


(config)#router ospf 
(config-ospf)#summary-address 11.0.0.0 255.0.0.0 not-advertise 
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timers lsa-group-pacing <value> 


Use the timers Isa-group-pacing command to change the link state advertisement (LSA) refresh interval. 
Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Sets the LSA refresh interval in seconds. Range is 10 to 1800 seconds. 


Default Values 





By default, this value is set at 240 seconds. 


Command History 





Release 3.1 Command was introduced. 


Usage Examples 





The following example sets the refresh interval for six minutes: 


(config)#router ospf 
(config-ospf)#timers Isa-group-pacing 360 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2218 


Command Reference Guide Router (OSPF) Configuration Command Set 





timers spf <delay> <hold> 


Use the timers spf command to configure the shortest path first (SPF) calculation and hold intervals. Use 
the no form of this command to return to the default setting. 


Syntax Description 


<delay> Specifies the time in seconds between OSPF'’s receipt of topology changes 
and the beginning of SPF calculations. 


<hold> Specifies the time in seconds between consecutive SPF calculations. 
Range is 10 to 1800 seconds. 


Default Values 





By default, the SPF delay is 5 seconds and the hold interval is set to 10 seconds. 


Command History 


Release 3.1 Command was introduced. 


Usage Examples 





The following example defines a delay of 10 seconds and a hold-time of 30 seconds: 


(config)#router ospf 
(config-ospf)#timers spf 10 30 
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ROUTER (PIM SPARSE) CONFIGURATION COMMAND SET 


To activate the Router (PIM Sparse) Configuration mode, enter the router pim-sparse command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#router pim-sparse 
(config-pim-sparse)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


join-prune-msg-interval <value> on page 2221 
rp-address <ip address> on page 2222 
spt-threshold on page 2223 
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join-prune-msg-interval <value> 


Use the join-prune-msg-interval command to set a timing rate for PIM sparse join/prune messages. Use 
the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies the PIM sparse join/prune message interval. Valid range: 
10 to 65,534 seconds. 


Default Values 





By default, the message interval is set to 60 seconds. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the interval for 50 seconds: 


(config)#router pim-sparse 
(config-pim-sparse)#join-prune-msg-interval 50 
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rp-address <ip address> 


Use the rp-address command to specify a static IP address for the rendezvous point (RP) router. The 
access-group keyword is used to limit the multicast group addresses to which the RP applies. Use the no 
form of this command to remove a static IP address for the RP router. Variations of this command include: 


rp-address <ip address> 
rp-address <i/p address> access-group <name> 


Syntax Description 





<ijp address> Specifies the IP address for the RP. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 

access-group <name> Optional. Specifies the particular access group to which the RP 
applies. 


Default Values 


No default necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





The access-group keyword is used to limit the multicast group addresses to which the RP applies. If more 
than one RP is configured for a given multicast group address, then a hash algorithm determines the 
appropriate hierarchy (as shown below). The results of the hash algorithm can be seen with the show ip 
pim-sparse rp-map command. 


The hash algorithm is defined in RFC 2117 section 3.7 as follows: 

For each RP address C(i) in the RP-Set, whose Group-prefix covers G, compute a value: 
Value(G,M,C(i))=(1103515245 * ((1103515245 * (G&M)+12345) XOR C(i)) + 12345) mod 2431 

where M is a hash-mask included in Bootstrap messages. This hash-mask allows a small number of 


consecutive groups (e.g., 4) to always hash to the same RP. For instance, hierarchically-encoded data can 
be sent on consecutive group addresses to get the same delay and fate-sharing characteristics. 


The candidate with the highest resulting value is then chosen as the RP for that group, and its identity and 
hash value are stored with the entry created. 


Ties between C-RPs having the same hash value are broken in advantage of the highest address. 


Usage Examples 


The following example specifies an IP address of 172.22.5.100 for the RP: 


(config)#router pim-sparse 
(config-pim-sparse)#rp-address 172.22.5.100 
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spt-threshold 


Use the spt-threshold command to change the PIM Sparse Shortest Path Tree (SPT) threshold, which 
specifies the number of packets the router sends using the rendezvous point (RP) before switching to the 
SPT. Use the no form of this command to return to the default setting. Variations of this command include: 


spt-threshold <va/ue> 
spt-threshold infinity 


Syntax Description 





<value> Optional. Specifies the number of packets the routing switch sends using 
the RP before switching to the SPT. Valid range is 1 to 
4,294,967,295 packets. 


infinity Optional. Causes all sources to use the shared FP tree. 


Default Values 
By default, the SPT threshold is set to 1 packet. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the SPT threshold at five packets: 


(config)#router pim-sparse 
(config-pim-sparse)#spt-threshold 5 
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ROUTER (RIP) CONFIGURATION COMMAND SET 





To activate the Router (RIP) Configuration mode, enter the router rip command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#router rip 
(config-rip)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


auto-summary on page 2225 

default-metric <value> on page 2226 
distance <number> on page 2227 
distribute-list <name> on page 2228 
network <ip address> <subnet mask> on page 2230 
passive-interface <interface> on page 2231 
redistribute bgp on page 2232 

redistribute connected on page 2233 
redistribute ospf on page 2234 

redistribute static on page 2235 
timeout-timer <value> on page 2236 
update-timer <value> on page 2237 


version on page 2238 
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auto-summary 


Use the auto-summary command to have RIP version 2 summarize subnets to the classful boundaries. 
Use the no form of this command to disable this summarization. 


Syntax Description 


No subcommanads. 


Default Values 





By default, auto-summary is disabled. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





Use this command if you are subdividing a classful network into many subnets and these subnets are to be 
advertised over a slow link (64k or less) to a router that can only reach the classful network via the router 
you are configuring. 


Usage Examples 





The following example configures the router to not automatically summarize network numbers: 


(config)#router rip 
(config-rip)#no auto-summary 
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default-metric <va/ue> 


Use the default-metric command to set the default metric value for the RIP routing protocol. Use the no 
form of this command to return to the default settings. 


Syntax Description 
<value> Sets the default metric value in Mbps. Range is 1 to 4,294,967,295 Mbps. 


Default Values 





By default, this value is set at 0. 


Command History 





Release 3.1 Command was introduced. 


Functional Notes 





The metric value defined using the redistribute command overrides the default-metric command’s metric 
setting. Refer to redistribute ospf on page 2234 for related information. 


Usage Examples 





The following example shows a router using both RIP and OSPF routing protocols. The example 
advertises OSPF-derived routes using the RIP protocol and assigns the OSPF-derived routes a RIP metric 
of 10. 


(config)#router rip 
(config-rip)#default-metric 10 
(config-rip)#redistribute ospf 
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distance <number> 


Use the distance command to set the administrative distance for RIP routes that are added to the route 
table. Use the no form of this command to set the RIP administrative distance to the default value. 


Syntax Description 


<number> Specifies the new administrative distance. Range is 0 to 255. 


Default Values 





By default, the administrative distance for RIP routes is set to 120. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following configuration sets the administrative distance to 109, which gives RIP routes a lower 
administrative distance than OSPF routes: 


(config)#router rip 
(config-rip)#distance 109 


Technical Review 





Administrative distance is a feature that routers employ in order to select the most reliable path when there 
are two or more routes to the same destination from two different routing protocols. Administrative distance 
defines the reliability of a routing protocol by assigning a value (the smaller the value, the more trustworthy 
the protocol) that is then used by the router to organize routing protocols according to reliability. 
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distribute-list <name> 


Use the distribute-list command to add route filtering functionality by assigning inbound and outbound 
access control lists on either a per-interface or global basis. Only one inbound/outbound pair of access 
control lists can be configured for a particular interface. Use the no form of this command to disable the 
filtering. Variations of this command include: 


distribute-list <name> in 


distribute-list <name> in <interface> 


distribute-list <name> out 


distribute-list <name> out <info source> 


Syntax Description 





<name> 


in 
in <interface> 


out 
out <info source> 


Default Values 


Specifies an access control list name. This is a standard IP access control 
list (ACL) against which the contents of the incoming/outgoing routing 
updates are matched. 


Applies route filtering to inbound data. 


Optional. Specifies the interface in which to apply the ACL. Specify an 
interface in the format <interface type [slot/port | slot/port.subinterface id | 
interface id | interface id.subinterface id | ap | ap/radio | ap/radio.vap]>. For 
example, for a T1 interface, use t1 0/1; for an Ethernet subinterface, use 
eth 0/1.1; for a PPP interface, use ppp 1; for an ATM subinterface, use atm 
1.1; and for a wireless virtual access point, use dot11ap 1/1.1. Type 
distribute-list list1 in ? for a complete list of applicable interfaces. 


Applies route filtering to outbound data. 


Optional. Specifies the source of the routing information. The source can be 
an interface or a routing process (connected, ospf, rip, or static). Type 
distribute list <name> out ? for a list of available options. 


By default, distribute-list filtering is disabled. 


Command History 





Release 12.1 


Command was introduced. 
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Usage Examples 





The following example will filter out all network advertisements received via Ethernet interface 0/1 with the 
exception of the 10.10.10.0 network: 


(config)#router rip 

(config-rip)#version 2 

(config-rip)#network 192.168.1.0 255.255.255.0 
(config-rip)#distribute-list list_1 in eth 0/1 
(config-rip)#exit 

(config)#ip access-list standard list_1 
(config-std-nacl)#permit 10.10.10.0 0.0.0.255 
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network <ip address> <subnet mask> 


Use the network command to enable RIP on the specified network. Use the no form of this command to 
remove a network from the list. 


Syntax Description 


<ijp address> Specifies the IP address of the network on which RIP will be enabled. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 

<subnet mask> Specifies the subnet mask that corresponds to a range of IP addresses 


(network). Subnet masks can be expressed in dotted decimal notation (for 
example, 255.255.255.0) or as a prefix length (for example, /24). 


Default Values 





By default, RIP is not enabled. 


Command History 





Release 1.1 Command was introduced. 


Functional Notes 





AOS will only allow processing (sending and receiving) RIP messages on interfaces with IP addresses that 
are contained in the networks listed using this command. All RIP messages received on interfaces not 
listed using this command will be discarded. To allow for receiving and participating in RIP but not for 
transmitting, use the passive-interface command (refer to passive-interface <interface> on page 2231). 


Usage Examples 
The following example enables RIP on the 102.22.72.252/30, 192.45.2.0/24, and 10.200.0.0/16 networks: 





config)#router rip 

config-rip)#network 102.22.72.252 255.255.255.252 
config-rip)#network 192.45.2.0 255.255.255.0 
config-rip)#network 10.200.0.0 255.255.0.0 


aN aN 
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passive-interface <interface> 


Use the passive-interface command to disable the transmission of routing updates on the specified 
interface. Use the no form of this command to enable the transmission of routing updates on an interface. 


Syntax Description 


<interface> Specifies an interface in the format <interface type [slot/port | 
slot/port.subinterface id | interface id | interface id.subinterface id | ap | 
ap/radio | ap/radio.vap]>. For example, for a T1 interface, use t1 0/1; for an 
Ethernet subinterface, use eth 0/1.1; for a PPP interface, use ppp 1; for an 
ATM subinterface, use atm 1.1; and for a wireless virtual access point, use 
doti1ap 1/1.1. Type passive-interface ? for a complete list of valid 





interfaces. 
Default Values 
By default, RIP is not enabled. 
Command History 
Release 1.1 Command was introduced. 


Functional Notes 





All routing updates received on that interface will still be processed (and advertised to other interfaces), but 
no updates will be transmitted to the network connected to the specified interface. Multiple 
passive-interface commands may be used to create a customized list of interfaces. 


Usage Examples 





The following example disables routing updates on the Frame Relay link (labeled 1.17) and the PPP link 
(labeled 1): 


(config)#router rip 
(config-rip)#passive-interface frame-relay 1.17 
(config-rip)#passive-interface ppp 1 
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redistribute bgp 


Use the redistribute bgp command to advertise routes from one protocol to another, regardless of the 
routing protocol implemented on the routing domain. Using the bgp keyword allows the propagation of 
BGP routes into RIP. Use the no form of this command to disable the propagation of the specified route 
type. Variations of this command include: 


redistribute bgp 
redistribute bgp metric <va/ue> 
redistribute bgp route-map <name> 


Syntax Description 





metric <value> Optional. Specifies the hop count to use for advertising redistributed BGP 
routes in RIP. 
route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 


BGP routes in RIP. 


Default Values 





By default, this command is disabled. 


Command History 





Release 14.1 Command was introduced. 


Functional Notes 





Redistributing BGP routes imports those routes into RIP without the interfaces in question actually 
participating in RIP. The BGP routes imported this way are not covered by a network command and are 
learned via BGP. This allows RIP to distribute routes for networks that are not participating in this RIP 
network. 


If redistribute bgp is enabled and no metric value is specified, the value defaults to 0. The metric value 
defined using the redistribute bgp metric command overrides the default-metric command’s metric 
setting. Refer to default-metric <value> on page 2226 for more information. 


Usage Examples 





The following example imports BGP routes into RIP: 


(config)#router rip 
(config-rip)#redistribute bgp 
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redistribute connected 


Use the redistribute connected command to pass routes from one network to another, regardless of the 
routing protocol implemented on the routing domain. Using the connected keyword allows the 
propagation of routes connected to other interfaces using the RIP routing protocol. Use the no form of this 
command to disable the propagation of the specified route type. Variations of this command include: 


redistribute connected 
redistribute connected metric <va/ue> 
redistribute connected route-map <name> 


Syntax Description 





metric <value> Optional. Specifies the hop count to use for advertising redistributed routes 
in RIP. 

route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 
routes in RIP. 


Default Values 





By default, this command is disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 14.1 Command was expanded to included route map filtering. 


Functional Notes 


Redistributing connected routes imports those routes into RIP without the interfaces in question actually 
participating in RIP. The connected routes imported this way are not covered by a network command and 
do not send/receive RIP traffic. 


Usage Examples 





The following example passes the connected routes found in the route table to other networks running the 
RIP routing protocol: 


(config)#router rip 
(config-rip)#redistribute connected 
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redistribute ospf 


Use the redistribute ospf command to advertise routes from one protocol to another, regardless of the 
routing protocol implemented on the routing domain. Using the ospf keyword allows the propagation of 
OSPF routes into RIP. Use the no form of this command to disable the propagation of the specified route 
type. Variations of this command include: 


redistribute ospf 
redistribute ospf metric <va/ue> 
redistribute ospf route-map <name> 


Syntax Description 





metric <value> Optional. Specifies the hop count to use for advertising redistributed OSPF 
routes in RIP. 
route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 


OSPF routes in RIP. 


Default Values 





By default, this command is disabled. 


Command History 





Release 3.1 Command was introduced. 
Release 14.1 Command was expanded to include route map filtering. 


Functional Notes 


Redistributing OSPF routes imports those routes into RIP without the interfaces in question actually 
participating in RIP. The OSPF routes imported this way are not covered by a network command and do 
not send/receive RIP traffic. This allows RIP to distribute routes for networks that are not participating in 
this RIP network. 


If redistribute ospf is enabled and no metric value is specified, the value defaults to 0. The metric value 
defined using the redistribute ospf metric command overrides the default-metric command’s metric 
setting. Refer to default-metric <value> on page 2226 for more information. 


Usage Examples 





The following example imports OSPF routes into RIP: 


(config)#router rip 
(config-rip)#redistribute ospf 
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redistribute static 


Use the redistribute static command to pass routes from one network to another, regardless of the routing 
protocol implemented on the routing domain. Using the static keyword allows the propagation of static 
routes to other interfaces using the RIP routing protocol. Use the no form of this command to disable the 
propagation of the specified route type. Variations of this command include: 


redistribute static 
redistribute static metric <va/ue> 
redistribute static route-map <name> 





The gateway network for the static route must participate in RIP by using the network 
command for the gateway network. 


Syntax Description 





metric <value> Optional. Specifies the hop count to use for advertising redistributed static 
routes in RIP. 
route-map <name> Optional. Specifies the route map filter to use for advertising redistributed 


static routes in RIP. 


Default Values 





By default, this command is disabled. 


Command History 





Release 1.1 Command was introduced. 
Release 14.1 Command was expanded to include route map filtering. 


Functional Notes 





Redistributing static routes allows other network devices to learn about routes without requiring manual 
input to each device on the network. 


Usage Examples 





The following example passes the static routes found in the route table to other networks running the RIP 
routing protocol: 


(config)#router rip 
(config-rip)#redistribute static 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2235 


Command Reference Guide Router (RIP) Configuration Command Set 





timeout-timer <va/ue> 


Use the timeout-timer command to set the timeout timer value for a route when it is learned via RIP. Each 
time a RIP update for that route is received, the timeout timer is reset to this value. If no updates for that 
route are received in the specified number of seconds and the timeout timer expires, the route is considered 
invalid, and it will be removed from the route table. Use the no form of this command to return to the 
default settings. 


Syntax Description 





<value> Sets the timeout-timer value. Valid range is 5 to 4,294,967,295 seconds. 


Default Values 





By default, this value is set at 180 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 


Note that the timeout timer value cannot be set to a value less than the update-timer value. It is 
recommended that this timer be set to a value that is three times the value of the update-timer (refer to 
update-timer <value> on page 2237). 


Usage Examples 





The following example configures the router to mark routes invalid if no RIP updates for those routes are 
received within 120 seconds. 


(config)#router rip 
(config-rip)#timeout-timer 120 
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update-timer <va/ue> 
Use the update-timer command to set the value of the RIP update interval timer. The RIP update interval 


is the number of seconds which must elapse between RIP update packet transmissions. Use the no form of 
this command to return to the default settings. 


Syntax Description 





<value> Specifies the number of seconds allowed to elapse between RIP update 
packet transmissions. Valid range is 5 to 4,294,967,295 seconds. 


Default Values 





By default, this value is set at 30 seconds. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Note that the timeout-timer value cannot be set to a value less than the update-timer value. It is 
recommended that the timeout-timer be set to a value that is three times the value of the update-timer. 
(Refer to timeout-timer <value> on page 2236 for more information.) 


Usage Examples 





The following example sets the rate at which RIP update messages are transmitted from the router to 
20 seconds. 


(config)#router rip 
(config-rip)#update-timer 20 
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version 


Use the version command to specify (globally) the Routing Information Protocol (RIP) version used on all 
IP interfaces. This global configuration is overridden using the configuration commands ip rip send 
version and ip rip receive version. Use the no form of this command to return to the default value. 
Variations of this command include: 


version 1 
version 2 


Syntax Description 





1 Specifies RIP version 1 be used globally. 
2 Specifies RIP version 2 be used globally. 


Default Values 





By default, RIP is not enabled. 


Command History 





Release 1.1 Command was introduced. 


Usage Examples 





The following example specifies RIP version 2 as the global RIP version: 


(config)#router rip 
(config-rip)#version 2 
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VOICE COMMAND SETS 


This section includes the following command sets: 


ISDN Group Configuration Command Set on page 2240 
Voice Auto Attendant Configuration Command Set on page 2249 
Voice CODEC List Configuration Command Set on page 2252 


Voice CoS Command Set on page 2256 

Voice Line Configuration Command Set on page 2292 
Voice Mail CoS Command Set on page 2314 

Voice Operator Group Command Set on page 2322 
Voice Ring Group Command Set on page 2337 

Voice Trunk Analog Command Set on page 2355 
Voice Trunk Group Command Set on page 2388 

Voice Trunk ISDN Command Set on page 2395 

Voice Trunk SIP Command Set on page 2420 

Voice Trunk TI Command Set on page 2448 

Voice User Configuration Command Set on page 2487 
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ISDN GROUP CONFIGURATION COMMAND SET 





To activate the ISDN Group Configuration mode, enter the isdn-group command at the Global 
configuration command prompt. For example: 


>enable 

#configure terminal 
(config)#isdn-group 1 
(config-isdn-group 1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 
exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


accept-number <number> on page 2241 

call-type voice on page 2242 

connect pri on page 2243 
incoming-accept-number <number> on page 2244 
max-channels <value> on page 2246 
min-channels <value> on page 2247 


resource pool-member <name> on page 2248 
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accept-number <number> 


Use the accept-number command to specify the incoming number to be accepted by this ISDN group. 
This number will be accepted and passed from the Network to the end users. 


Syntax Description 


<number> Specifies the incoming number to be accepted by this ISDN group. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies that ISDN group 1 will accept calls from 256-555-1234: 


(config)#isdn-group 1 
(config-isdn-group 1)#accept-number 2565551234 
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call-type voice 


Use the call-type command to specify the type of communication allocated for this group. Use the no form 
of this command to return to the default value. 


Syntax Description 


voice Specifies use as voiceband line. 


Default Values 





By default, the call type is set to voice. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the call type for ISDN group 1 to voice: 


(config)#isdn-group 1 
(config-isdn-group 1)#call-type voice 
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connect pri 


Use the connect pri command to associate a specific interface with the ISDN group. Use the no form of 
this command to disconnect the specified interface from the ISDN group. 


Syntax Description 


pri Connects a PRI interface to the ISDN group. Type connect ? for a list of 
valid interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example associates the pri 1 interface with ISDN group 1: 


(config)#isdn-group 1 
(config-isdn-group 1)#connect pri 1 
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incoming-accept-number <number> 


Use the incoming-accept-number command to configure the incoming number to be accepted by this 
group from the PSTN. Use the no form of this command to remove a configured accept number. 


Syntax Description 


<number> Specifies the phone number(s) accepted for this ISDN group. The accept 
number entered should match the digits that populate the Called Party 
Information Element received on the ISDN interface for the call. Refer to the 
Functional Notes for more information on entering the number. 


Default Values 





By default, there are no configured incoming accept numbers. The ISDN group will not be able to accept 
calls without a configured incoming accept number. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





Special characters (parentheses, commas, and dashes) can be entered in the incoming-accept-number for 
readability, but they are ignored by the system. Incoming-accept-numbers are entered as a single number, 
or as a range of numbers using the available wildcard characters. The following wildcards can be used to 
define numbers: 


xX Any single digit 0 through 9 

N Any single digit 2 through 9 

[1,2,3] Specifies single digit in this group 

$ Any number; effectively functions as a “don’t care” 


The following list provides some examples for proper wildcard usage: 


Incoming Accept Number(s) Entry 
555-1111 and 555-1112 555-111[1,2] 
All numbers from the 916 area code 916$ 


Numbers between 555-1000 and 555-2000 555-[1,2]XXX 


Wildcard characters are especially useful in situations where ISDN hunt groups are deployed and the 
ISDN interfaces are all assigned to the same ISDN group in the router. ISDN hunt groups “bundle” multiple 
ISDN interfaces (with unique LDNs) together into a single group at the central office. When a call to any of 
the LDNs assigned to the ISDN interfaces in the hunt group is received at the central office, the switch 
sends the call to the first available ISDN interface. The ISDN group must be able to accept calls to multiple 
LDNs. Wildcard characters can simplify a configuration by allowing a single entry to match several 
numbers. 
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Usage Examples 





The following example configures the group to accept calls for 256-555-1000 through 256-555-2000: 


(config)#isdn-group 1 
(config-isdn-group 1)#incoming-accept-number 256-555-[1,2]XXX 
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max-channels <value> 


Use the max-channels command to specify the maximum number of channels allocated for the ISDN 
group. Use the no form of this command to return to the default value. 


Syntax Description 


<value> Specifies the maximum number of channels allocated for the ISDN group. 
Valid range is from 1 to 255 channels. 


Default Values 





By default, the maximum number of channels is set to 0. When max-channels is set to 0, the group does 
not limit the number of usable channels and can use all available channels. Use the no max-channels 
command to return to the default value. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example sets the maximum number of channels for ISDN group 1 to 50: 


(config)#isdn-group 1 
(config-isdn-group 1)#max-channels 50 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2246 


Command Reference Guide ISDN Group Configuration Command Set 





min-channels <value> 


Use the min-channels command to specify the minimum number of channels allocated for the ISDN 
group. Use the no form of this command to return to the default value. 


Syntax Description 


<value> Specifies the minimum number of channels allocated for the ISDN group. 
Valid range is from 1 to 255 channels. 


Default Values 





By default, the minimum number of channels is set to 0. When min-channels is set to 0, no channels are 
reserved for this group. This group can use available channels, but does not have any channels 
specifically reserved. Use the no min-channels command to return to the default value. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example sets the minimum number of channels for ISDN group 1 to 10: 


(config)#isdn-group 1 
(config-isdn-group 1)#min-channels 10 
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resource pool-member <name> 


Use the resource pool-member command to assign the group to a resource pool, making it a demand 
routing resource. Use the no form of this command to return to the default value. 


Syntax Description 


<name> Specifies the name of the resource pool to which this group is assigned 


Default Values 





By default, the group is not assigned to any resource pool. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures the ISDN group 1 as a member of resource poo! MyPool: 


(config)#isdn-group 1 
(config-isdn-group 1)#resource pool-member MyPool 
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VoICE AUTO ATTENDANT CONFIGURATION COMMAND SET 





To activate the Voice Auto Attendant Configuration mode, enter the voice autoattendant <name> 
<extension> command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice autoattendant Example 1212 
(config-aal212)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


entry-filename <name> on page 2250 
sip-identity on page 2251 
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entry-filename <name> 


Use the entry-filename command to enter the XML file to use for this auto attendant. Use the no form of 
the command to disable the settings. 


Syntax Description 


<name> Specifies the name of the XML filename to use for this auto attendant. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example shows the entry-filename command being executed to select the XML file to use 
for this auto attendant: 


(config)#voice autoattendant Example 1212 
(config-aa1212)#entry-filename Operaa 
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sip-identity 


Use the sip-identity command to configure SIP registration options for the user. Use the no form of the 
command to disable the settings. Variations of this command include the following: 


sip-identity <station> <Txx> 
sip-identity <station> <Txx> register 
sip-identity <station> <Txx> register auth-name <username> password <password> 


Syntax Description 





<station> Specifies the station to be used for SIP trunk (e.g., station extension). 


<Txx> Specifies the SIP trunk through which to register the server. The trunk 
is specified in the format Txx (e.g., T01). 


register Registers the user to the server. 


register auth-name <username> _ Sets the user name that will be required as authentication for 
registration to the SIP server. 


password <password> Sets the password that will be required as authentication for 
registration to the SIP server. 


Default Values 





No default values necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example configures the auto attendant to use extension 5000 as its identity on trunk TO2: 


(config)#voice autoattendant Example 1212 
(config-aal1212)#sip-identity 5000 T02 
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VoIicE CODEC List CONFIGURATION COMMAND SET 


To activate the Voice CODEC List Configuration mode, enter the voice codec-list trunk command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#voice codec-list trunk 
(config-codec)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


codec on page 2253 
default on page 2255 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2252 


Command Reference Guide Voice CODEC List Configuration Command Set 





codec 


Use the codec command to select either the g71 lulaw or g729 CODEC for call negotiation for a specific 
CODEC list. For information on creating CODEC lists for call negotiation, refer to codec-group <name> 
on page 2493. Use the no form of this command to remove a CODEC list. Variations of this command 
include: 


codec g711alaw 
codec g711ulaw 
codec g729 


Syntax Description 





g711alaw Assigns g711alaw which is mainly used in European telephone networks 
for the conversion between analog and digital signals in PCM applications. 

g711ulaw Assigns g711ulaw as the preferred CODEC for negotiation. 

g729 Assigns g729 (support for Annex A - no VAD) as the preferred CODEC for 
negotiation. 


Default Values 


No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was expanded to include g711alaw. 


Functional Notes 





The primary reason to assign CODEC lists is to save time. The lists can be created once and applied to 
many users. CODEC lists are lists of CODECs arranged in preferred order with the first listed CODEC 
being the most preferred for negotiation. The order of preference is used primarily to conserve bandwidth 
on WAN-based interfaces. 


For example, create a CODEC list for users where g711ulaw is the first and g729 is the second CODEC 
listed (refer to Usage Examples on the next page). Create a second list for trunks, where g729 is listed first 
and g711ulaw or g711alaw is listed second. Apply the user CODEC list to the users of interest, and apply 
the trunk CODEC list to the trunks of interest. 


When a user makes an outbound call from an FXS port to a SIP trunk, the trunk will look at its CODEC list 
and query the user making the call as to which CODEC is to be used according to its CODEC list. It will 
query with the first CODEC (which in this example is g729). If this CODEC is listed in the CODEC list that 
is applied to the user (even though it is second), then g729 is agreed upon and the call will be converted 
and sent out the trunk. This is the most bandwidth conservative CODEC in this case. 


When a user makes an outbound call from an FXS port to a SIP trunk, the trunk will query the user with the 
first CODEC on its list (which in this example is g729). If g729 is listed in the user’s CODEC list (even 
though it is second), then g729 is agreed upon and the call will be converted and sent out the trunk. This is 
the most bandwidth conservative CODEC in this case. 
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In this case a fax machine where g729 is not viable, the user’s CODEC list will only include g711ulaw. The 
codec command can be used in the user command set and assigned g711ulaw directly to the user rather 
than creating a separate list for this task. It should be noted that if an individual CODEC is assigned using 
the codec command and a CODEC list is also defined, then the individual CODEC will be processed first 
and the CODEC list will be processed second.) When the fax machine makes an outbound call, the trunk 
will again query the user if g729 is available. This query will fail to negotiate, and the trunk will query the 
user with the next CODEC in its list (g711ulaw). This CODEC will match the one listed for the user and be 
used to send the fax out the trunk. 


Usage Examples 


The following example selects the g729a CODEC (support for Annex A - no VAD) for call negotiation for 
the CODEC list trunk. 





(config)#voice codec-list trunk 
(config-codec)#codec g729a 
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default 


Use the default command to set a CODEC list as the default for call negotiation. Use the no form of this 
command to remove a default CODEC list. 


Syntax Description 


No subcommanads. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets the CODEC list trunk as the default for call negotiation: 


(config)#voice codec-list trunk 
(config-codec)#default 
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VoICE COS COMMAND SET 


To activate the Voice Class-of-Service (CoS) Configuration mode, enter the voice class-of-service 
command at the Global Configuration command prompt. For example: 


>enable 

#configure terminal 

(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1 )# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 
exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


aa-initiate-permit <template> on page 2258 
billing-codes on page 2259 
block-caller-id on page 2260 
call-privilege on page 2261 

camp-on on page 2263 

conference on page 2264 

default-level on page 2265 

deny-template <template> on page 2266 
disable-callwaiting on page 2267 

dnd on page 2268 

door-phone on page 2269 

external-fwd on page 2270 

forward on page 2271 

hold on page 2272 

hotel on page 2273 

logout-group on page 2274 
message-waiting on page 2275 
overhead-paging on page 2276 
override-passcode <passcode> on page 2277 
park on page 2278 

permit template <number> on page 2279 
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program-user-speed on page 2280 
redial on page 2281 
remote-fwd on page 2282 
rename <name> on page 2283 
retrieve-park on page 2254 
return-last-call on page 2285 
station-lock on page 2286 
system-mode on page 2287 
system-speed on page 2288 
transfer on page 2289 
unlock-door on page 2290 
user-speed on page 229] 
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aa-initiate-permit <template> 


Use the aa-initiate-permit command to enable the handsfree auto answer feature. Handsfree voice 
communication (similar to using a speakerphone or intercom) will be available for the programmed 
number template. When using aa-initiate-permit, the receiving party’s phone automatically answers the 
phone. Use the no form of this command to disable this feature. 


Syntax Description 





<template> Allows users with the specified number template to initiate auto answer 
calls. 


Default Values 





By default, aa-initiate-permit is disabled. 


Command History 





Release 13.1 Command was introduced. 


Functional Notes 


In order to place an Auto Answer call, you must dial ** prior to the number. Users can also program ** as a 
softkey to dial ** separately before dialing the number to call. Users must dial *971 to block Auto Answer 
calls and *970 to reactivate the feature. 


Usage Examples 





The following example enables the handsfree auto answer for users with the extension range of 4200 to 
4299: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1 )#aa-initiate-permit 42xx 
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billing-codes 
Use the billing-codes command to enable a billing account code collection. If enabled, users must enter a 


billing code prior to dialing a number. This feature is useful for controlling access to the long distance 
privileges. Use the no form of this command to disable account code collection. 


Syntax Description 





No subcommanas. 


Default Values 





By default, billing codes are disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables account code collection in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1 )#billing-codes 
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block-caller-id 


Use the block-caller-id command to conceal caller ID information for outbound calls. Use the no form of 


this command to allow caller ID for outbound calls. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the block-caller-id feature is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example blocks caller ID for outbound calls in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#block-caller-id 
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call-privilege 


Use the call-privilege command to assign general call privileges for outbound access. This determines 
what type of calls a user is permitted to make as a member of this CoS. Use the no form of this command 
to remove general call privileges for outbound access. Variations of this command include: 


call-privilege 900-number 
call-privilege all 

call-privilege extensions 
call-privilege international 
call-privilege local 

call-privilege long-distance 
call-privilege operator-assisted 
call-privilege specify-carrier 
call-privilege toll-free 

call-privilege [user1 | user2 | user3] 


Syntax Description 





900-number Permits 900 calls in the form 1-900-NXX-XXXX and 976-XXXX. 
all Permits all calls. 

extensions Permits internal calls. 

international Permits international calls in the form 011-number. 

local Permits local calls in the form NXX-XXXX. 

long-distance Permits long distance calls in the form 1-NXX-NXX-XXXX. 
operator-assisted Permits operator assisted calls. 

specify-carrier Permits calls that specify carrier. 

toll-free Permits toll free calls. 

user1 Permits calls that match the first user-defined template. 
user2 Permits calls that match the second user-defined template. 
user3 Permits calls that match the third user-defined template. 
Valid characters include: 0-9 - Any single digit. 


X - Any single digit 0 through 9. 
N - Any single digit 2 through 9. 


Default Values 





By default, no call privileges are enabled. 


Command History 





Release 10.1 Command was introduced. 
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Usage Examples 





The following example permits long distance calls in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1 )#call-privilege long-distance 
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camp-on 
Use the camp-on command to allow automatic retry of a busy extension. This feature enables a user to 


reach the busy party as soon as the line is available. Use the no form of this command to disable automatic 
retry. 


Syntax Description 





No subcommanas. 


Default Values 





By default, the camp-on feature is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables automatic retry of a busy extension in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#camp-on 
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conference 
Use the conference command to allow initiation of three-way conference calls. This feature allows 


multiple parties to communicate at the same time on the same line. Use the no form of this command to 
return to the default setting. 


Syntax Description 





No subcommanas. 


Default Values 





By default, three-way conference call feature is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example allows the initiation of three-way conference calls in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#conference 
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default-level 


Use the default-level command to set this CoS level as the default. When enabled, new users that are 


added to the system are assigned this CoS by default. To change the default from this CoS level, use the no 


form of this command. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets the rule set set1 as the default CoS level: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#default-level 
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deny-template <femplate> 


Use the deny-template command to configure a number template that specifies the types of calls that users 
in this CoS are not allowed to make. Use the no form of this command to remove a deny template. 


Syntax Description 
<template> Specifies a number template. All calls matching this pattern will be denied. 
Valid characters include: 
0-9 - Any single digit. 
X - Any single digit 0 through 9. 
N - Any single digit 2 through 9. 
M - Any single digit 2 through 8. 
[] - Any single digit of those within the brackets. 
-(), - Punctuation characters that are ignored. 


For example: 555-81XX matches 555-8100 through 555-8199 and 
555-81 2[0,1,2] matches 555-8120 through 555-8122. 


Default Values 





No default necessary for this command. 


Command History 


Release 10.1 Command was introduced. 


Usage Examples 





The following example denies users in rule set set1 the ability to make any call beginning with 555: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#deny-template 555-xxxx 
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disable-callwaiting 
Use the disable-callwaiting command to allow users to control the call waiting feature. Disabling call 


waiting will block the alert of an incoming call while the user in on the phone. Use the no form of this 
command to enable call waiting. 


Syntax Description 





No subcommanas. 


Default Values 





By default, call waiting is enabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example allows users in rule set set1 to disable call waiting: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#disable-callwaiting 
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dnd 


Use the dnd command to enable do-not-disturb. Do-not-disturb makes the line appear busy to incoming 
calls. Use the no form of this command to return to the default setting. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the do-not-disturb feature is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables the do-not-disturb feature in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#dnd 
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door-phone 


Use the door-phone command to allow the user to call the door phone using a special prefix (SPRE) code. 
Use the no form of this command to deny door phone access. 


Syntax Description 


No subcommanads. 


Default Values 





By default, door-phone access is denied. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example allows door phone access in voice class-of-service rule set named set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#door-phone 
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external-fwd 
Use the external-fwd command to allow forwarding of calls to an external number. When enabled, the 


users can forward their phones to lines outside the system such as their home numbers. Use the no form of 
this command to disable external call forwarding. 


Syntax Description 





No subcommanas. 


Default Values 





By default, forwarding calls to an external number is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example allows users in rule set set1 to forward calls to an external number: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1 )#external-fwd 
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forward 
Use the forward command to allow users to forward calls to another extension. Forwarding calls allows 


the user to receive incoming calls at a different number. Use the no form of this command to end call 
forwarding. 


Syntax Description 





No subcommanas. 


Default Values 





By default, internal call forwarding is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example allows users in rule set set1 to forward calls: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#forward 
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hold 


Use the hold command to allow users to place calls on standby. Use the no form of this command to 
disable the call hold option. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the call hold option is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables users in rule set set1 to place a call on hold: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#hold 
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hotel 


Use the hotel command to allow extension reassignment to an alternate phone. Use the no form of this 
command to disable extension reassignment. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the hotel feature is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables users in rule set set1 to reassign an extension to an alternate phone: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1 )#hotel 
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logout-group 


Use the logout-group command to allow a user to issue a special prefix (SPRE) command to log out of a 
user group. Use the no form of this command to deny the ability to log out of a user group. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the ability to log out of a user group is denied. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example allows the user in rule set set1 to log out of a user group: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#logout-group 
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message-waiting 
Use the message-waiting command to allow message waiting indicator control. This allows users to 


change the manner in which message notification takes place. Use the no form of this command to disable 
message waiting indicator control. 


Syntax Description 





No subcommanas. 


Default Values 





By default, control of the message waiting indicator is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example allows users in rule set set1 to manage message waiting indicators: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#message-waiting 
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overhead-paging 


Use the overhead-paging command to allow the user to connect to overhead paging using a special prefix 
(SPRE) code. Use the no form of this command to deny the ability to connect to overhead paging. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the ability to connect to overhead paging is denied. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example allows the user in rule set set1 to connect to overhead paging: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#overhead-paging 
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override-passcode <passcode> 


Use the override-passcode command to assign an override passcode. This four-digit code is used in 


conjunction with the CoS override feature and enables a user to override an extension’s configured CoS 
with the new CoS as defined by the passcode. Use the no form of this command to remove an override 


passcode. 


Syntax Description 





<passcode> Specifies a four-digit numerical passcode. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets the override passcode to 1234 in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#override-passcode 1234 
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park 


Use the park command to allow users to park calls on the system. Use the no form of this command to 
disable the call parking feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the parking feature is enabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example allows users to park calls in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#park 
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permit template <number> 
Use the permit template command to configure call privilege additions that are permitted access only. 


This specifically allows an otherwise restricted number to be dialed. Use the no form of this command to 
remove the template. 


Syntax Description 





<number> Specifies the number that may be dialed. The number is in the form 
NXX-XXXX, where N is 2 to 9 and X is 0 to 9. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example allows the number 325-1234 to be dialed in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#permit template 325-1234 
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program-user-speed 


Use the program-user-speed command to allow users to access speed dial functionality through the 
system. Use the no form of this command to disable the speed dialing feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the speed dial feature is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables the speed dial feature for users in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#program-user-speed 
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redial 


Use the redial command to grant users access to the redial functionality which redials the last outgoing 
number. Use the no form of this command to disable last number redial. 


Syntax Description 


No subcommanas. 


Default Values 





By default, the last number redial feature is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables the last number redial feature in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#redial 
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remote-fwd 


Use the remote-fwd command to allow a user to control call forwarding from a remote location. Use the 
no form of this command to disable remote forwarding. 


Syntax Description 


No subcommanads. 


Default Values 





By default, remote forwarding feature is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example allows users in rule set set1 to enable call forwarding from a remote location: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#remote-fwd 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2282 


Command Reference Guide Voice CoS Command Set 





rename <name> 


Use the rename command to assign a new name to the CoS rule set. 


Syntax Description 





<name> Specifies the new name of the CoS rule set. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example changed the name of rule set set1 to accounting: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#rename accounting 
(config-cos-accounting)# 
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retrieve-park 


Use the retrieve-park command to allow the retrieval of parked calls. Use the no form of this command to 
disable the retrieve parked calls feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the retrieve parked calls feature is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables retrieval of parked calls in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1 )#retrieve-park 
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return-last-call 


Use the return-last-call command to allow users to return the last call received. Use the no form of this 


command to disable the return last call received feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the return-last-call feature is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example allows users in rule set set1 to return the last call received: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#return-last-call 
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station-lock 


Use the station-lock command to allow users to lock an extension, preventing it from making outbound 
calls. Use the no form of this command to revoke user’s ability to disable outbound calling capabilities. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the station-lock feature is disabled. Users are not allowed to block their extension’s capability 
to place outbound calls. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables the station-lock feature in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#station-lock 
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system-mode 
Use the system-mode command to enable the system mode feature for this class of service (CoS). Once 


enabled, users to whom this CoS is applied can activate different system modes on the unit via the CLI, 
SPRE codes, auto attendant, or the GUI. Use the no form of the command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release A1 Command was introduced. 


Usage Examples 





The following example enables the system mode feature for users with the applied CoS sett: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1 )#system-mode 
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system-speed 


Use the system-speed command to enable system speed dial usage for the system. Use the no form of this 


command to disable the system speed setting. 


Syntax Description 


No subcommanads. 


Default Values 





By default, system-speed is enabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables configuration of the system speed in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#system-speed 
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transfer 


Use the transfer command to allow users to perform call transfers. Use the no form of this command to 
disable call transfers. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the call transfer feature is disabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example allows users in rule set set1 to perform call transfers: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1 )#transfer 
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unlock-door 


Use the unlock-door command to enable the user to use a special prefix (SPRE) code to control the door 
contact. Use the no form of this command to disable door contact operation. 


Syntax Description 


No subcommanads. 


Default Values 





By default, door contact operation is disabled. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example enables door contact operation in rule set set1: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#unlock-door 
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user-speed 


Use the user-speed command to allow users to program speed dial numbers. Use the no form of this 
command to deny this privilege. 


Syntax Description 


No subcommanads. 


Default Values 





By default, user speed dial programming is not allowed. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example allows users in rule set set1 to program speed dial numbers: 


(config)#voice class-of-service set1 
Configuring Existing Level “set1”. 
(config-cos-set1)#user-speed 
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VOICE LINE CONFIGURATION COMMAND SET 





To activate the Voice Line Configuration mode, enter the voice line command at the Global Configuration 
mode prompt. For example: 


>enable 

#configure terminal 
(config)#voice line sales 
(config-sales)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


description <text> on page 48 
do on page 49 
exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


accept <pattern> on page 2293 

alc on page 2295 

codec-group <name> on page 2296 
coverage on page 2297 
echo-cancellation on page 2299 

nls on page 2300 

num-rings <value> on page 2301 
password <password> on page 2302 
plc on page 2303 

reject <pattern> on page 2304 

rtp delay-mode on page 2306 

rtp dtmf-relay on page 2307 

rtp frame-packetization <value> on page 2308 
rtp packet-delay on page 2309 

rtp qos dscp <value> on page 2310 
seize-timeout <seconds> on page 2311 
trunk <Txx> on page 2312 

vad on page 2313 
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accept <pattern> 


Use the accept command to specify numbers that users can dial. This command controls the type of 
outbound calls users can place. Use the no form of this command to remove a configured dial pattern and 
return to the default setting. Variations of this command include: 


accept <paittern> 


Syntax Description 





<pattern> Specifies the patterns users can dial. You can enter a complete phone 
number or wildcards can be used to help define accepted numbers. Refer to 
Functional Notes below for more information on using wildcards. 


Default Values 





By default, the cost value is zero. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Functional Notes 





The available wildcards for this command are: 


M = Any digit 1 to 8. 

X = Any single digit (0 to 9). 

N = Any digit 2 to 9. 

$ = Any number of digits of any value. 

[abc] = Any digit contained in the bracketed list. 





numbers in the brackets. 


Wor Do not use dashes, commas, spaces, etc., inside the brackets. Commas are implied between 





The special characters ( ), -, + are always ignored. 


Examples: 1) 555-81xx matches 555-8100 to 555-8199. 
2) 555-812[012] matches 555-8120 to 555-8122. 
3) 1-800$ matches any 1-800 calls. 
4) Nxx-xxxx matches 7 digit local. 
) 


5) 1-Nxx-Nxx-xxxx matches long distance calls in North America. 
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Usage Examples 





The following example allows users on the line sales to dial any local number: 


(config)#voice line sales 
(config-sales)#accept Nxxxxxx 
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alc 
Use the ale command to enable auto level control (ALC). ALC reduces RTP received signals that are out 


of specification to the predefined levels. It is not necessary to enable ALC on those networks that 
guarantee signal levels to be within specification. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 14.1 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following example activates the ALC for line sales: 


(config)#voice line sales 
(config-sales)#alc 
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codec-group <name> 


Use the codec-group command to configure the CODEC list to use for the account. It is necessary to 
define the CODEC lists to specify the CODEC order (refer to voice codec-list <name> on page 958 for 
information). Next, use the Voice CODEC List Configuration Command Set on page 2252 to define the 
specific CODEC for each group to use for negotiation. Use the no form of this command to return to the 
default setting. 


Syntax Description 





<name> Specifies the name of the CODEC list to be used for the voice line account. 


Default Values 





By default, no CODEC lists are assigned to this interface. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 


The following example activates the CODEC list with the name trunk: 


(config)#voice line sales 
(config-sales)#codec-group trunk 
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coverage 


Use the coverage command to configure call coverage parameters for the line. The call coverage setting 
determines how a call is handled if the party dialed does not answer after a specified number of rings. Use 
the no form of this command to remove an individual coverage parameter. Variations of this command 
include: 


coverage aa 

coverage aa <number> 

coverage internal <number> num-rings <value> 
coverage operator 

coverage operator num-rings <value> 

coverage override <value> 

coverage vm 

coverage vm <number> 

coverage [<system modes] aa 

coverage [<system mode>] aa <number> 

coverage [<system mode>] external <number> 
coverage [<system modes] internal <number> 
coverage [<system mode>] internal <number> num-rings <value> 
coverage [<system mode>] operator 

coverage [<system mode>] operator num-rings <va/ue> 
coverage [<system mode>] vm 

coverage [<system mode>] vm <number> 


Syntax Description 





<system mode> Optional. Specifies the system mode to configure for call coverage. Choose 
from custom1, custom2, custom3, lunch, night, or weekend. Refer to 
the Functional Notes of this command for more information on configuring 
system modes. 


aa <number> Forwards the call to the auto attendant. It is optional to enter a specific 
extension programmed for the auto attendant. If no extension is specified 
the phone is forwarded to the default auto attendant. 


external <number> Forwards the call to the specified external number. If no number is entered, 
the default auto answer is used. 

internal <number> Forwards the call to the specified internal number. 

num-rings <value> Optional. Specifies the number of rings for the call before performing the 
next action. Valid range is 1 to 9. 

operator Forwards the call to the operator. 

override Ignores the programmed system mode schedule. 

vm Forwards the call to voicemail. 

vm <number> Optional. Forwards the call to the specified mailbox number. 
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Default Values 





By default, no call coverage is specified. 


Command History 





Release 9.3 Command was introduced. 

Release 11.1 Command was updated to include the voicemail and number of rings 
options. 

Release 12.1 Command was updated to include auto attendant, global, and operator 
options. 

Release A1 Command was updated to include system mode feature options. 


Functional Notes 





System mode call coverage provides more diverse functionality for call handling. In previous versions of 
AOS (revision 15.1 or earlier), up to five coverage modes were allowed. Calls were processed in the order 
in which the coverage options were entered into the system. 


With the addition of the system mode options, up to five coverage options per system mode are allowed. 
The system modes can be modified using the command voice system-mode on page 996. 


Usage Examples 





The following example specifies that the line be forwarded after 3 rings to the internal extension 8500 when 
in the night system mode: 


(config)#voice line sales 
(config-sales)#coverage night internal 8500 num-rings 3 
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echo-cancellation 
Use the echo-cancellation command to improve voice quality for packetized based voice calls such as 


voice over IP (VoIP) or Media Gateway Control Protocol (MGCP). Use the no form of this command to 
disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, echo-cancellation is enabled. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following example activates echo-cancellation for voice line sales: 


(config)#voice line sales 
(config-sales)#echo-cancellation 
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nis 


Use the nls command to enable the non-linear suppression (NLS) option for the line. This option sets the 
echo canceler to reduce acoustic echo. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





No default value necessary for this command. 


Command History 





Release 14.1 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following example enables NLS for voice line sales: 


(config)#voice line sales 
(config-sales)#nls 
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num-rings <va/lue> 


Use the num-rings command to specify the number of rings for call pickup before the system redirects the 
call. Each system-mode call coverage action can be configured with a different number of rings based on 
preference. Use the no form of this command to return to the default setting. Variations of this command 
include: 


num-rings <value> 
num-rings [<system mode>] <value> 
num-rings override <value> 


Syntax Description 





<system mode> Optional. Specifies the system mode to configure for call coverage. Choose 
from custom1, custom2, custom3, lunch, night, or weekend. Refer to 
the Functional Notes of this command for more information on configuring 
system modes. 


override Ignores the programmed system mode schedule. 
<value> Specifies the number of rings before the next action. The valid range is 
1 to 9. 


Default Values 





By default, num-rings is set to 4. 


Command History 





Release 9.3 Command was introduced. 
Release A1 Command was updated to include system mode feature options. 


Functional Notes 





System mode call coverage provides more diverse functionality for call handling. In previous versions of 
AOS (revision 15.1 or earlier), up to five coverage modes were allowed. Calls were processed in the order 
in which the coverage options were entered into the system. 


With the addition of the system mode options, up to five coverage options per system mode are allowed. 
The system modes can be modified using the command voice system-mode on page 996. 


Usage Examples 





The following sets the number of rings for voice line sales to 6: 


(config)#voice line sales 
(config-sales)#num-rings 6 
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password <password> 


Use the password command to create a password or personal identification number (PIN) to protect voice 
settings and messages. Use the no form of this command to remove a password. 





Phone Configs” Web page. 


Wor The password configured must be used when configuring the IP phone using the “IP 





Syntax Description 





<password> Specifies a 4-digit password or PIN. 


Default Values 


No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following sets the password for voice line sales to 4321: 


(config)#voice line sales 
(config-sales)#password 4321 
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plc 


Use the ple command to enable packet loss concealment (PLC). PLC is used to prevent choppy 
connections by concealing a packet loss by replacing the lost packet with another voice packet in the data 
stream. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 
By default, PLC is enabled. 





Command History 





Release 11.1 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following disables PLC for the voice line sales: 


(config)#voice line sales 
(config-sales)#no plc 
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reject <pattern> 
Use the reject command to specify numbers users cannot dial on the line. This features allows 


administrators to restrict callers from unwanted outbound calls such as international calls and 900 
numbers. Use the no form of this command to disable this feature. 


Syntax Description 





<pattern> Specifies the patterns that users cannot dial on the line. You can enter a 
complete phone number or wildcards can be used to help define rejected 
numbers. Refer to Functional Notes below for more information on using 
wildcards. For example, you can enter 900$ to prevent users from dialing all 
900 numbers. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Functional Notes 


The available wildcards for this command are: 


M = Any digit 1 to 8. 

X = Any single digit (0 to 9). 

N = Any digit 2 to 9. 

$ = Any number of digits of any value. 

[abc] = Any digit contained in the bracketed list. 





Do not use dashes, commas, spaces, etc., inside the brackets. Commas are implied between 
numbers in the brackets. 


The special characters ( ), -, + are always ignored. 


Examples: 1) 555-81xx matches 555-8100 to 555-8199. 
2) 555-812[012] matches 555-8120 to 555-8122. 
3) 1-800$ matches any 1-800 calls. 
4) Nxx-xxxx matches 7 digit local. 
) 


5) 1-Nxx-Nxx-xxxx matches long distance calls in North America. 
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Usage Examples 





The following example blocks calls to any 900 number on the line sales: 


(config)#voice line sales 
(config-sales)#reject 1900$ 
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rtp delay-mode 


Use the rtp delay-mode command to configure the Realtime Transport Protocol (RTP) jitter buffer packet 
delay mode settings. RTP is used to prevent static on voice connections by enhancing the quality of the 
packet delivery. Use the no form of this command to return to the default settings. Variations of this 
command include: 


rtp delay-mode adaptive 
rtp delay-mode fixed 


Syntax Description 





adaptive Configures the RTP jitter buffer packet delay to adjust during a call based 
on network conditions. 


fixed Configures the RTP jitter buffer packet delay to remain constant. 


Default Values 


By default, the RTP delay mode is set to adaptive. This allows for minimal latency by adjusting the 
average packet delay based on the conditions of the network. 


Command History 





Release 11.1 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following example configures RTP delay mode as fixed: 


(config)#voice line sales 
(config-sales)#rtp delay-mode fixed 
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rtp dtmf-relay 


Use the rtp dtmf-relay command to configure the method by which Realtime Transport Protocol (RTP) 
Dual Tone Multi-Frequency (DTMF) events are relayed. The dial digits can be sent inband or out-of-band 
of the voice stream. Use the no form of this command to return to the default value. Variations of this 
command include: 


rtp dtmf-relay inband 
rtp dtmf-relay nte <va/ue> 


Syntax Description 





inband Specifies that RTP DTMF events be relayed inband in the RTP stream. 


nte <value> Specifies that RTP DTMF events be relayed out-of-band using NTE. Enter 
an NTE value between 96 and 127. 


Default Values 
By default, the rtp dtmf-relay is set for NTE 101. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following example configures RTP DTMF relay events for inband: 


(config)#voice line sales 
(config-sales)#rtp dtmf-relay inband 
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rtp frame-packetization <value> 
Use the rtp frame-packetization command to configure the Realtime Transport Protocol (RTP) frame 


packetization time in milliseconds for individual trunks and users. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Configures the RTP frame packetization time value in milliseconds. Select 
from 10, 20, or 30 milliseconds. 


Default Values 





By default, the rtp frame-packetization time is set to 20 milliseconds on all trunks and users. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following example sets the frame packetization time for voice line sales to 10 milliseconds: 


(config)#voice line sales 
(config-sales)#rtp frame-packetization 10 
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rtp packet-delay 


Use the rtp packet-delay command to configure the maximum Realtime Transport Protocol (RTP) packet 
delays. This command is used to set the allowable limits of latency on the network. Use the no form of this 
command to return to default values. Variations of this command include: 


rtp packet-delay maximum <value> 
rtp packet-delay nominal <value> 


Syntax Description 





maximum <value> Sets the maximum delay time value in increments of 10 milliseconds. 
Range is 40 to 320 milliseconds. 


nominal <value> Sets the nominal delay time value in increments of 10 milliseconds. Range 
is 10 to 240 milliseconds. 


Default Values 


By default, the RTP packet delay for maximum is 100, and for nominal is 50. 


Command History 





Release 11.1 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following example configures the RTP maximum delay time on voice line sales to 200 milliseconds: 


(config)#voice line sales 
(config-sales)#rtp packet-delay maximum 200 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2309 


Command Reference Guide Voice Line Configuration Command Set 





rtp qos dscp <value> 
Use the rtp qos dscp command to configure the maximum Realtime Transport Protocol (RTP) quality of 


service (QoS) parameters for differentiated services code point (DSCP). Use the no form of this command 
to return to default values. 


Syntax Description 





<value> Configures the RTP QoS parameter for DSCP. Enter a value between 
10 and 63. 


Default Values 





By setting the rtp qos dscp value on an individual trunk or user, you will override the global rtp qos dscp 
setting for RTP packets. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Functional Note 





By setting the rtp qos dscp value on an individual trunk or user, you will override the global rtp qos dscp 
setting for RTP packets. QoS is set using a Differentiated Services Code Point, or DSCP value. Valid 
DSCP values are 10-63, and a higher DSCP value has a higher priority. The default DSCP value for RTP is 
46. Remember that if you are using a public IP connection, such as the Internet, for voice over IP, 
end-to-end QoS may not be guaranteed. The default DSCP value for SIP is 26. To configure QoS for the 
RTP traffic that carries the voice conversation, use the command, ip rtp qos dscp followed by the desired 
DSCP value. 


Usage Examples 





The following example configures the RTP QoS DSCP for voice line sales to 46: 


(config)#voice line sales 
(config-sales)#rtp qos dscp 46 
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seize-timeout <seconds> 


Use the seize-timeout command to specify the maximum time the trunk will be seized before placing a 
call. Use the no form of this command to return to the default timeout interval. 


Syntax Description 





<seconds> Specifies maximum number of seconds the trunk will be seized before 
placing a call. Valid range is 5 to 120 seconds. 


Default Values 





By default, the seize-timeout period is set to 30 seconds. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example sets the seize-timeout period to 20 seconds: 


(config)#voice line sales 
(config-sales)#seize-timeout 20 
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trunk <Txx> 


Use the trunk command to specify the trunk the voice line will use. Use the no form of this command to 
remove a configured trunk group. 


Syntax Description 





<Txx> Specifies an ID number for the trunk. The trunk ID is in the format Txx 
where xx is the trunk ID number. Enter a trunk ID between 1 and 99. For 
example, trunk T02. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following example adds trunk T02 to the voice line sales: 


(config)#voice line sales 
(config-sales)#trunk t02 
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vad 


Use the vad command to enable voice activity detection (VAD). VAD blocks out noise categorized as 
silence during a voice connection. The silent voice packets are not transmitted, allowing bandwidth usage 
to be reduced. Although VAD saves bandwidth, the quality of the voice call may be compromised. Use the 
no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VAD is enabled for all T1 RBS trunks and users. 





Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Line Interface. 


Usage Examples 





The following example disables VAD on voice line sales: 


(config)#voice line sales 
(config-sales)#no vad 
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VoIcE MAIL COS COMMAND SET 





To activate the Voice Mail Class-of-Service (CoS) Configuration mode, enter the voice mail 
class-of-service command at the Global Configuration command prompt. For example: 


>enable 

#configure terminal 

(config)#voice mail class-of-service class1 
Configuring Existing Level “class1”. 
(config-vm-class1)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


do on page 49 
exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


expire-time <days> on page 2315 
greeting-length-max <time> on page 2316 
greeting-quota <time> on page 2317 
message-length-max <time> on page 2318 
message-quota <time> on page 2319 
prompt-delete on page 2320 


rename <name> on page 2321 
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expire-time <days> 


Use the expire-time command to set the number of days before a voice mail message expires. Use the no 
form of this command to return to the default value. 


Syntax Description 


<days> Specifies the number of days until a message expires. Valid range is 5 to 60 
days. A value of 0 means messages will never expire. 


Default Values 





By default, the number of days is set to 0 which means messages will never expire. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example configures the voice mail CoS class1 to delete voice mail messages after 14 days: 


(config)#voice mail class-of-service class1 
Configuring Existing Level "class1". 
(config-vm-class1)#expire-time 14 
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greeting-length-max <time> 


Use the greeting-length-max command to set the maximum length (in seconds) for a voice mail greeting. 
Use the no form of this command to return to the default value. 


Syntax Description 


<time> Specifies the length in seconds for a voice mail greeting. Valid range is 20 to 
120 seconds. 


Default Values 





By default, the maximum voice mail greeting time is set to 60 seconds. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example configures the maximum length for a voice mail greeting in rule set class1 to 60 
seconds: 


(config)#voice mail class-of-service class1 
Configuring Existing Level "class1". 
(config-vm-class1)#greeting-length-max 60 
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greeting-quota <time> 


Use the greeting-quota command to set the maximum storage time (in minutes) of all greeting messages. 
Use the no form of this command to return to the default value. 


Syntax Description 


<time> Specifies the maximum storage time (in minutes) for the storage of all 
greeting messages. Valid range is 1 to 9 minutes. 


Default Values 





By default, the maximum storage time for all greeting messages is 3 minutes. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example configures the maximum storage time for all greeting messages in rule set class1 
to 5 minutes: 


(config)#voice mail class-of-service class1 
Configuring Existing Level "class1". 
(config-vm-class1)#greeting-quota 5 
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message-length-max <time> 


Use the message-length-max command to set the maximum length (in seconds) for a voice mail message. 
Use the no form of this command to return to the default value. 


Syntax Description 


<time> Specifies the maximum length (in seconds) for a voice mail message. Valid 
range is 30 to 600 seconds. 


Default Values 





By default, the maximum length for a voice mail message is 120 seconds. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example sets the maximum length a voice mail message in rule set class1 to 300 seconds: 


(config)#voice mail class-of-service class1 
Configuring Existing Level "class1". 
(config-vm-class1)#message-length-max 300 
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message-quota <time> 


Use the message-quota command to set the maximum storage time (in minutes) of all voice mail 
messages. Use the no form of this command to return to the default value. 


Syntax Description 


<time> Specifies the maximum storage time (in minutes) of all voice mail messages. 
Valid range is 1 to 180 minutes. 


Default Values 





By default, the maximum storage time of all voice mail messages is 10 minutes. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example sets the maximum storage time of all voice mail messages in rule set class1 to 120 
minutes: 


(config)#voice mail class-of-service class1 
Configuring Existing Level "class1". 
(config-vm-class1)#message-quota 120 
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prompt-delete 


Use the prompt-delete command to configure the unit to prompt the user before deleting messages. Use 
the no form of this command to disable the prompt before deleting messages. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the prompt before deleting messages is disabled. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example configures the unit to prompt the user before deleting voice mail messages: 


(config)#voice mail class-of-service class1 
Configuring Existing Level "class1". 
(config-vm-class1)#prompt-delete 
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rename <name> 


Use the rename command to rename the voice mail class-of-service (CoS) rule set. Use the no form of this 
command to return to the previous name. 


Syntax Description 


<name> Specifies the new name of the CoS rule set. 


Default Values 





No default necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example assigns a new name (class2) to the current CoS rule set class1: 


(config)#voice mail class-of-service class1 
Configuring Existing Level "class1". 
(config-vm-class1)#rename class2 
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VOICE OPERATOR GROUP COMMAND SET 





To activate the Voice Operator Group Interface Configuration mode, enter the voice operator-group 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#voice operator-group 
(config-operator-group)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
do on page 49 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


coverage on page 2323 

did <number> on page 2325 

email <address> on page 2326 
email-secondary <address> on page 2327 
login-member <number> on page 2328 
max-inbound <value> on page 2329 
member <number> on page 2330 
num-rings <value> on page 2331 
prefix on page 2332 

sip-identity on page 2333 

type on page 2334 


voicemail on page 2335 
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coverage 


Use the coverage command to configure call coverage parameters for members of this group. The call 
coverage setting determines how a call is handled if the party dialed does not answer after a specified 
number of rings. Use the no form of this command to remove an individual coverage parameter. Variations 
of this command include: 


coverage aa 

coverage aa <number> 

coverage internal <number> 

coverage internal <number> num-rings <value> 
coverage override <value> 

coverage override aa <number> 

coverage override internal <number> 

coverage override internal <number> num-rings <value> 
coverage vm 

coverage vm <number> 

coverage [<system modes] aa 

coverage [<system mode>] aa <number> 

coverage [<system mode>] internal <number> 

coverage [<system mode>] internal <number> num-rings <value> 
coverage [<system mode>] vm 

coverage [<system mode>] vm <number> 


Syntax Description 





<system mode> Optional. Specifies the system mode to configure for call coverage. Choose 
from custom1, custom2, custom3, lunch, night, or weekend. Refer to 
the Functional Notes of this command for more information on configuring 
system modes. 


aa <number> Forwards the call to the auto attendant. It is optional to enter a specific 
extension programmed for the auto attendant. If no extension is specified, 
the phone is forwarded to the default auto attendant. 


internal <number> Forwards the call to the specified internal number. 

num-rings <value> Optional. Specifies the number of rings for the call before performing the 
next action. Valid range is 1 to 9. 

override Ignores the programmed system mode schedule. 

vm Forwards the call to voicemail. 

vm <number> Optional. Forwards the call to the specified mailbox number. 


Default Values 





By default, no call coverage is specified. 
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Command History 





Release 9.3 
Release 11.1 


Release 12.1 


Release A1 


Functional Notes 


Command was introduced. 


Command was updated to include the voicemail and number of rings 
options. 

Command was updated to include auto attendant, global, and operator 
options. 

Command was updated to include System Mode feature options. 





System mode call coverage provides more diverse functionality for call handling. In previous versions of 
AOS (revision 15.1 or earlier), up to five coverage modes were allowed. Calls were processed in the order 
in which the coverage options were entered into the system. 


With the addition of the system mode options, up to five coverage options per system mode are allowed. 
The system modes can be modified using the command voice system-mode on page 996. 


Usage Examples 





The following example specifies that the call be forwarded to the internal extension 8500 after 3 rings. 


(config)#voice operator-group 


(config-operator-group)#coverage internal 8500 num-rings 3 
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did <number> 
Use the did command to configure Direct Inward Dialing (DID) for this group. DID is used if a service 


provider is providing digits to the unit on inbound calls or if the unit needs to provide DID information to a 
piece of CPE equipment. Use the no form of this command to disable this feature. 


Syntax Description 





<number> Defines the DID number assigned to the operator group. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example assigns DID 44 to the operator group: 


(config)#voice operator-group 
(config-operator-group)#did 44 
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email <address> 


Use the email command to enter the email address for this operator group. Use the no form of this 
command to disable this feature. 


Syntax Description 


<adadress> Specifies an email address for this group. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example creates an email contact for this group: 


(config)#voice operator-group 
(config-operator-group)#email admin@helpdesk.com 
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email-secondary <address> 


Use the email-secondary command to enter a secondary email address for this operator group. Use the no 
form of this command to disable this feature. 


Syntax Description 


<adadress> Specifies a contact email address for this group. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example creates a secondary email contact for this group: 


(config)#voice operator-group 
(config-operator-group)#email-secondary lead@helpdesk.com 
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login-member <number> 
Use the login-member command to log an existing member of the operator group into the system. The 


member command must first be used to create a new group member. Use the no form of this command to 
disable this feature. Refer to member <number> on page 2330 for more information. 


Syntax Description 





<number> Specifies the extension number of the user who is logging in. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 





This command allows a user to log in and out of an operator group, letting the system know when a user is 
available to accept calls. 


Usage Examples 





The following example logs in the user at extension 4422: 


(config)#voice operator-group 
(config-operator-group)#login-member 4422 
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max-inbound <value> 


Use the max-inbound command to define the maximum number of calls that can be inbound at the same 
time. Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies the maximum number of calls that can be inbound at the same 
time. Range is 1 to 10 calls. 


Default Values 





By default, the maximum number of inbound calls is set to 1. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of inbound calls to 3: 


(config)#voice operator-group 
(config-operator-group)#max-inbound 3 
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member <number> 


Use the member command to create a new member of the operator group. Use the no form of this 
command to remove a user’s extension from an operator group. 


Syntax Description 


<number> Specifies the extension number of the user to be added as an operator 


group member. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Functional Note 





A user can log in and out of the operator group using the login-member and no login-member 
commands. Refer to login-member <number> on page 2328 for more information. 


Usage Examples 





The following example adds the user at extension 4422 to the operator group: 


(config)#voice operator-group 
(config-operator-group)#member 4422 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


2330 


Command Reference Guide Voice Operator Group Command Set 





num-rings <va/lue> 


Use the num-rings command to specify the number of rings for call pickup before the system redirects the 
call. Each system-mode call coverage action can be configured with a different number of rings based on 
preference. Use the no form of this command to return to return to the default setting. Variations of this 
command include: 


num-rings <value> 
num-rings [<system mode>] <value> 
num-rings override <value> 


Syntax Description 





<system mode> Optional. Specifies the system mode to configure for call coverage. Choose 
from custom1, custom2, custom3, lunch, night, or weekend. Refer to 
the Functional Notes of this command for more information on configuring 
system modes. 


override Ignores the programmed system mode schedule. 
<value> Specifies the number of rings before the next action. Specify 1 trough 9 
rings. 


Default Values 





By default, the maximum number of rings allowed at each extension is 2. 


Command History 





Release 10.1 Command was introduced. 
Release A1 Command was updated to include system mode feature options. 


Functional Notes 





System mode call coverage provides more diverse functionality for call handling. In previous versions of 
AOS (revision 15.1 or earlier), up to five coverage modes were allowed. Calls were processed in the order 
in which the coverage options were entered into the system. 


With the addition of the system mode options, up to five coverage options per system mode are allowed. 
The system modes can be modified using the command voice system-mode on page 996. 


Usage Examples 





The following example sets the maximum number of rings for the operator group to 6: 


(config)#voice operator-group 
(config-operator-group)#num-rings 6 
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prefix 


Use the prefix command to turn on the caller ID prefix for this operator group, causing GRP: to display in 
front of the caller ID information. Use the no form of this command to turn off the prefix. 


Syntax Description 


No subcommanads. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example turns on the caller ID prefix for operator group: 


(config)#voice operator-group 
(config-operator-group)#prefix 
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sip-identity 


Use the sip-identity command to configure the Session Initiation Protocol (SIP) registration options for 
the user. Use the no form of the command to disable the settings. Variations of this command include the 
following: 


sip-identity <station> <Txx> 
sip-identity <station> <Txx> register 
sip-identity <station> <Txx> register auth-name <username> password <password> 


Syntax Description 





<station> Specifies the station to be used for SIP trunk (e.g., station extension). 


<Txx> Specifies the SIP trunk through which to register the server. The trunk 
is specified in the format Txx (e.g., T01). 


register Registers the user to the server. 


register auth-name <username> Optional. Sets the user name that will be required as authentication 
for registration to the SIP server. 


password <password> Optional. Sets the password that will be required as authentication for 
registration to the SIP server. 


Default Values 





No default values necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 13.1 Command functionality was introduced to this section. 


Usage Examples 





The following example specifies trunk T02 and extension 4400 for SIP identity: 


(config)#voice operator-group 
(config-operator-group)#sip identity 4400 T02 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2333 


Command Reference Guide Voice Operator Group Command Set 





type 


Use the type command to configure the group type for the operator group. Variations of this command 
include: 


type all 

type executive 
type linear 
type ucd 


Syntax Description 





all Configures the group as an all-inclusive operator group. When an operator 
group call comes in, all phones ring simultaneously. 


executive Configures an executive operator group. Refer to email <address> on page 
2343 for more information. 


linear Configures the group as a linear hunt operator group. Member phones ring 
one ata time until the call is picked up. When the next call comes in, the call 
cycle begins again by ringing the first operator group member. Refer to 
member <number> on page 2330 for more information. 

ucd Configures the group as a Uniform Call Distribution (UCD) operator group. 
Member phones ring one at a time until the call is picked up. When the next 
call comes in, the system remembers which member extension it last dialed 
and then continues the call cycle by ringing the next member in the operator 
group. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example configures all phones in the operator group to ring each time a call comes in: 


(config)#voice operator-group 
(config-operator-group)#type all 
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voicemail 


Use the voicemail command to configure the voicemail options for the operator group. Use the no form of 


the command to disable the settings. Variations of this command include the following: 


voicemail auth-mode full 
voicemail auth-mode password 
voicemail auto-play 

voicemail envelope-play 
voicemail greeting alternate 
voicemail greeting default 
voicemail greeting standard 
voicemail new-user 

voicemail cos <name> 
voicemail notify email text-only 
voicemail oper-assist <number> 
voicemail password <password> 


Syntax Description 





auth-mode full 


auth-mode password 
auto-play 
cos <name> 


envelope-play 
greeting alternate 
greeting default 
greeting standard 
new-user 

notify email text-only 
oper-assist <number> 
password <password> 


Default Values 


Specifies that the extension and password are required to access 
voicemail. Only the password is required if set to password authentication 
mode. 


Specifies that the password is required to access voicemail. 
Specifies automatic playback of messages when entering the mailbox. 


Configures the voicemail class of service (CoS) type by entering the name 
of the selected CoS. 


Automatically plays message envelopes during message playback. 
Specifies the alternate recorded voicemail greeting to be used. 
Specifies the default voicemail greeting to be used. 

Specifies the user’s standard recorded voicemail greeting to be used. 
Executes the new-user wizard for voicemail configuration. 

Specifies the email address to alert when a new voicemail is received. 
Directs all operator calls to the specified phone number. 

Creates the password or PIN that will be required to access voicemail. 





No default values necessary for this command. 


Command History 





Release 12.1 
Release 15.1 


Command was introduced. 
Command was expanded. 
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Usage Examples 





The following example sets the voicemail CoS for this group to class1: 


(config)#voice operator-group 
(config-operator-group)#voicemail cos class1 
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VOICE RING GROUP COMMAND SET 





To activate the Voice Ring Group Interface Configuration mode, enter the voice ring-group command at 
the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#voice ring-group xxxx* 
(config-xxxx)# 


*where xxxx = the ring group’s four-digit extension. 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


assistant-extension <number> on page 2338 
cos on page 2339 

coverage on page 2340 

did <number> on page 2342 

email <address> on page 2343 
email-secondary <address> on page 2344 
executive-extension <number> on page 2345 
login-member <number> on page 2346 
max-inbound <value> on page 2347 
member <number> on page 2348 
num-rings on page 2349 

prefix on page 2350 

sip-identity on page 2351 

type on page 2352 


voicemail on page 2353 
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assistant-extension <number> 


se the assi -ex ion command to tie an assistant’s extension to an executive’s extension. 
Use the assistant-extension dtot tant’ t t tive’ t 


for more information. 


Wor This command only applies to a ring groups of type executive. Refer to type on page 2352 





Syntax Description 





<number> Specifies the number of the assistant’s extension. 


Default Values 


No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 


This command is used in conjunction with the executive-extension command (refer to 
executive-extension <number> on page 2345). When the executive’s extension is dialed, both the 
assistant’s and the executive’s phones will ring. If neither phone is answered (or both are busy or set to 
do-not-disturb), the call is forwarded through the executive’s call coverage list. 


Usage Examples 


The following example creates the executive ring group 1234 and causes both the executive (extension 
1234) and the assistant (extension 4444) phones to ring when the executive extension is dialed: 


config)#voice ring-group 1234 
config-1234)#type executive 
config-1234)#executive-extension 1234 
config-1234)#assistant-extension 4444 


anon a mm 
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Cos 


Use the cos command to set class-of-service (CoS) mode for the ring group. The CoS can be set to change 
for the members of the ring group based on the current system mode by including the system mode 
parameter. The CoS defines the types of phone service that will be available to the user during the time 
period. Use the no form of this command to disable this feature. Variations of this command include: 


cos <name> 
cos [<system mode>] <name> 
cos no-access 

cos [<system mode>] no-access 
cos override <name> 

cos override no-access 


Syntax Description 





<name> Specifies the predefined CoS. 


<system mode> Optional. Specifies the system mode to configure. Choose from custom1, 
custom2, custom3, lunch, night, or weekend. Refer to the Functional 
Notes of this command for more information on configuring system modes. 


no-access Blocks users from placing calls when applied to the CoS. 
override Ignores the programmed system mode schedule. 


Default Values 





By default, CoS is set to no-access. 


Command History 





Release 9.3 Command was introduced. 
Release A1 Command was expanded to include the system mode options. 


Functional Notes 


Additional functionality for this feature is provided by assigning a CoS to a specific system mode. When the 
system mode changes at a trigger point, the ring group’s CoS changes. 


For example, a CoS applied to the ring group when the system mode is specified as night can be used to 
prevent outbound calls during evening hours. System modes are defined from the Global Configuration 
mode using the command voice system-mode on page 996. 


Usage Examples 





The following example assigns the CoS Assistant to the ring group 1234: 


(config)#voice ring-group 1234 
(config-1234)#cos Assistant 
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coverage 


Use the coverage command to configure call coverage parameters for members of this group. The call 
coverage setting determines how a call is handled if the party dialed does not answer after a specified 
number of rings. Use the no form of this command to remove an individual coverage parameter. Variations 


of this command include: 


coverage aa 
coverage aa <number> 


coverage internal <number> 


coverage internal <number> num-rings <value> 


coverage operator 


coverage operator num-rings <value> 


coverage override aa 


coverage override aa <number> 

coverage override external <number> 

coverage override internal <number> 

coverage override internal <number> num-rings <value> 


coverage override operator 


coverage override operator num-rings <value> 


coverage override vm 


coverage override vm <number> 


coverage vm 
coverage vm <number> 


coverage [<system mode>] aa 

coverage [<system mode>] aa <number> 

coverage [<system mode>] external <number> 

coverage [<system modes] internal <number> 

coverage [<system mode>] internal <number> num-rings <value> 
coverage [<system mode>] operator 

coverage [<system mode>] operator num-rings <va/ue> 
coverage [<system mode>] vm 

coverage [<system mode>] vm <number> 


Syntax Description 





<system mode> 


aa <number> 


external <number> 


internal <number> 


Optional. Specifies the system mode to configure for call coverage. Choose 
from custom1, custom2, custom3, lunch, night, or weekend. Refer to 
the Functional Notes of this command for more information on configuring 
system modes. 


Forwards the call to the auto attendant. It is optional to enter a specific 
extension programmed for the auto attendant. If no extension is specified 
the phone is forwarded to the default auto attendant. 

Forwards the call to the specified external number. If no number is entered, 
the default auto answer is used. 


Forwards the call to the specified internal number. 
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num-rings <value> 


operator 
override 

vm 

vm <number> 


Default Values 


Optional. Specifies the number of rings for the call before performing the 
next action. Valid range is 1 to 9. 


Forwards the call to the operator. 

Ignores the programmed system mode schedule. 

Forwards the call to voice mail. 

Optional. Forwards the phone to the specified mailbox number. 





By default, no call coverage is specified. 


Command History 





Release 9.3 
Release 11.1 


Release 12.1 


Release A1 


Functional Notes 


Command was introduced. 


Command was updated to include the voice mail and number of rings 
options. 

Command was updated to include auto attendant, global, and operator 
options. 

Command was updated to include system mode feature options. 





System mode call coverage provides more diverse functionality for call handling. In previous versions of 
AOS (revision 15.1 or earlier), up to five coverage modes were allowed. Calls were processed in the order 
in which the coverage options were entered into the system. 


With the addition of the system mode options, up to five coverage options per system mode are allowed. 
The system modes can be modified using the command voice system-mode on page 996. 


Usage Examples 


The following example specifies that calls to the ring group 1234 be forwarded to the internal extension 
8500 when in the night system mode. 


(config)#voice ring-group 1234 
(config-1234)#coverage night internal 8500 
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did <number> 
Use the did command to configure Direct Inward Dialing (DID) for this group. DID is used if a service 


provider is providing digits to the unit on inbound calls or if the unit needs to provide DID information to a 
piece of CPE equipment. Use the no form of this command to disable this feature. 


Syntax Description 





<number> Defines the DID number assigned to the ring group. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example assigns DID 44 to the ring group 1234: 


(config)#voice ring-group 1234 
(config-1234)#did 44 
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email <address> 


Use the email command to enter the email address for this user’s group. Use the no form of this command 
to disable this feature. 


Syntax Description 


<adadress> Specifies an email address for this group. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example creates an email contact for this group: 


(config)#voice ring-group 1234 
(config-1234)#email admin@helpdesk.com 
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email-secondary <address> 


Use the email-secondary command to enter a secondary email address for this user’s group. Use the no 
form of this command to disable this feature. 


Syntax Description 


<adadress> Specifies a contact email address for this group. 


Default Values 





No default value necessary for this command. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example creates a secondary email contact for this group: 


(config)#voice ring-group 1234 
(config-1234)#email-secondary lead@helpdesk.com 
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executive-extension <number> 


Use the executive-extension command to tie an executive’s extension to an assistant’s extension. 


more information. 


Wor This command only applies to type executive ring group(s). Refer to type on page 2352 for 





Syntax Description 





<number> Specifies the number of the executive’s extension. 


Default Values 


No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 


This command is used in conjunction with the assistant-extension command (refer to assistant-extension 
<number> on page 2338). When the executive’s extension is dialed, both the assistant’s and the 
executive’s phones will ring. If neither phone is answered (or both are busy or set to do-not-disturb), the 
call is forwarded through the executive’s call coverage list. 


Usage Examples 


The following example creates the executive ring group 1234 and causes both the executive (extension 
1234) and the assistant (extension 4444) phones to ring when the executive extension is dialed: 


config)#voice ring-group 1234 
config-1234)#type executive 
config-1234)#executive-extension 1234 
config-1234)#assistant-extension 4444 


anon a mm 
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login-member <number> 
Use the login-member command to log an existing member of the ring group into the system. You must 


first use the member command to create a new group member. Use the no form of this command to disable 
this feature. Refer to member <number> on page 2348 for more information. 


Syntax Description 





<number> Specifies the extension number of the user who is logging in. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Functional Notes 





This command allows a user to log in and out of a ring group, letting the system know when a user is 
available to accept calls. 


Usage Examples 





The following example logs in the user at extension 4422: 


(config)#voice ring-group 1234 
(config-1234)#login-member 4422 
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max-inbound <value> 


Use the max-inbound command to define the maximum number of calls that can be inbound at the same 
time. Use the no form of this command to return to the default setting. 


Syntax Description 


<value> Specifies the maximum number of calls that can be inbound at the same 
time. Range is 1 to 10 calls. 


Default Values 





By default, the maximum number of inbound calls is set to 1. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of inbound calls on ring group 1234 to 3: 


(config)#voice ring-group 1234 
(config-1234)#max-inbound 3 
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member <number> 


Use the member command to create a new member of the ring group. Use the no form of this command to 
remove a user’s extension from a ring group. 


Syntax Description 


<number> Specifies the extension number of the user you want to add as a ring group 
member. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Functional Note 





A user can log in and out of the ring group using the login-member and no login-member commands. 
Refer to login-member <number> on page 2346 for more information. 


Usage Examples 





The following example adds the user at extension 4422 to the ring group 1234: 


(config)#voice ring-group 1234 
(config-1234)#member 4422 
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num-rings 


Use the num-rings command to specify the number of rings for call pickup before the system redirects the 
call. Each system-mode call coverage action can be configured with a different number of rings based on 
preference. Use the no form of this command to return to the default setting. Variations of this command 
include: 


num-rings <value> 
num-rings [<system mode>] <value> 
num-rings override <va/lue> 


Syntax Description 





<system mode> Optional. Specifies the system mode to configure for call coverage. Choose 
from custom1, custom2, custom3, lunch, night, or weekend. Refer to 
the Functional Notes of this command for more information on configuring 
system modes. 

override Ignores the programmed system mode schedule. 

<value> Specifies the number of rings before the next action. Specify 0 trough 9 
rings. Entering 0 specifies an unlimited number of rings. 


Default Values 





By default, the num-rings is set to 4. 


Command History 





Release 9.3 Command was introduced. 
Release A1 Command was updated to include system mode feature options. 


Usage Examples 





The following sets the number of rings for this ring group to 6: 


(config)#voice ring-group 1234 
(config-1234)#num-rings 6 
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prefix 


Use the prefix command to turn on the caller ID prefix for this ring group, causing GRP: to display in 
front of the caller ID information. Use the no form of this command to turn the prefix off. 


Syntax Description 


No subcommanads. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example turns on the caller ID prefix for ring group 1234: 


(config)#voice ring-group 1234 
(config-1234)#prefix 
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sip-identity 


Use the sip-identity command to configure the Session Initiation Protocol (SIP) registration options for 
the user. Use the no form of the command to disable the settings. Variations of this command include the 
following: 


sip-identity <station> <Txx> 
sip-identity <station> <Txx> register 
sip-identity <station> <Txx> register auth-name <username> password <password> 


Syntax Description 





<station> Specifies the station to be used for SIP trunk (e.g., station extension). 


<Txx> Specifies the SIP trunk through which to register the server. The trunk 
is specified in the format Txx (e.g., T01). 


register Registers the user to the server. 


register auth-name <username> Optional. Sets the user name that will be required as authentication 
for registration to the SIP server. 


password <password> Optional. Sets the password that will be required as authentication for 
registration to the SIP server. 


Default Values 





No default values necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example specifies trunk T02 and extension 4400 for SIP identity: 


(config)#voice ring-group 1234 
(config-1234)#sip identity 4400 T02 
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type 
Use the type command to configure the group type for the ring group. Variations of this command include: 


type all 

type executive 
type linear 
type ucd 


Syntax Description 





all Configures the group as an all-inclusive ring group. When a ring group call 
comes in, all phones ring simultaneously. 


executive Configures an executive ring group. Refer to executive-extension 
<number> on page 2345 for more information. 


linear Configures the group as a linear hunt ring group. Member phones ring one 
at a time until the call is picked up. When the next call comes in, the call 
cycle begins again by ringing the first ring group member. Refer to member 
<number> on page 2348 for more information. 

ucd Configures the group as a Uniform Call Distribution (UCD) ring group. 
Member phones ring one at a time until the call is picked up. When the next 
call comes in, the system remembers which member extension it last dialed 
and then continues the call cycle by ringing the next member in the ring 
group. 


Default Values 





No default value necessary for this command. 


Command History 


Release 10.1 Command was introduced. 


Usage Examples 





The following example configures the ring group 1234 to ring all phones in the ring group each time a call 
comes in: 


(config)#voice ring-group 1234 
(config-1234)#type all 
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voicemail 


Use the voicemail command to configure the voice mail options for the users. Use the no form of the 
command to disable the settings. Variations of this command include the following: 


voicemail auth-mode full 
voicemail auth-mode password 
voicemail auto-play 

voicemail envelope-play 
voicemail greeting alternate 
voicemail greeting default 
voicemail greeting standard 
voicemail new-user 

voicemail cos <name> 
voicemail notify email text-only 
voicemail oper-assist <number> 
voicemail password <password> 


Syntax Description 





auth-mode full 


auth-mode password 
auto-play 
cos <name> 


envelope-play 
greeting alternate 
greeting default 
greeting standard 
new-user 

notify email text-only 
oper-assist <number> 
password <password> 


Default Values 


Specifies that the extension and password are required to access 
voicemail. Only the password is required if set to password authentication 
mode. 


Specifies that the password is required to access voicemail. 
Specifies automatic playback of messages when entering the mailbox. 


Configures the voice mail class of service (CoS) type by entering the name 
of the selected CoS. 


Automatically plays message envelopes during message playback. 
Specifies the alternate recorded voicemail greeting to be used. 
Specifies the default voicemail greeting to be used. 

Specifies the user’s standard recorded voicemail greeting to be used. 
Executes the new-user wizard for voicemail configuration. 

Specifies the email address to alert when a new voicemail is received. 
Directs all operator calls to the specified phone number. 

Creates the password/pin that will be required to access voicemail. 





No default values necessary for this command. 


Command History 





Release 12.1 
Release 15.1 


Command was introduced. 
Command was expanded. 





60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 2353 


Command Reference Guide Voice Ring Group Command Set 





Usage Examples 





The following example sets the voice mail CoS for this group to class1: 


(config)#voice ring-group 1234 
(config-1234)#voicemail cos class1 
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VOICE TRUNK ANALOG COMMAND SET 


To activate the Voice Trunk Analog Dial Pulse Terminate (DPT) Configuration mode, enter the following 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice trunk t01 type analog supervision dpt 
(config-t01)# 


To activate the Voice Trunk Analog Loop Start (LS) Configuration mode, enter the following command at 
the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)# 


To activate the Voice Trunk Analog Ground Start (GS) Configuration mode, enter the following command 
at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice trunk t01 type analog supervision ground-start 
(config-t01)# 





Not all Trunk Analog commands apply to all analog trunk types. Use the ? command to 
‘one display a list of valid commands. 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


blind-dial on page 2357 

busy all on page 2358 

busy fxo <slot/port> on page 2359 
busy range fxo <range> on page 2360 
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caller-id on page 2361 

caller-id-override number <number> on page 2362 
codec-group <name> on page 2363 

connect fxo <slot/port> on page 2364 

connect range fxo <range> on page 2365 

did digits-transferred <value> on page 2366 
early-cut-through on page 2367 
echo-cancellation on page 2368 

match <number> substitute <number> on page 2369 
modem-passthrough on page 2370 

plc on page 2371 

reject-external on page 2372 
resource-selection on page 2373 

rtp delay-mode on page 2374 

rtp dtmf-relay on page 2375 

rtp frame-packetization <value> on page 2376 
rtp packet-delay on page 2377 

rtp qos dscp <value> on page 2378 
trunk-number <number> on page 2379 

138 on page 2380 

138 error-correction on page 2381 

138 fallback-mode on page 2382 

138 max-buffer <buffer size> on page 2383 

138 max-datagram <value> on page 2384 

138 max-rate on page 2385 

138 redundancy on page 2386 

vad on page 2387 
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blind-dial 


Use the blind-dial command to allow calls to be placed without the presence of dial-tone. Use the no form 


of this command to disable blind dialing. 


Syntax Description 


No subcommanads. 


Default Values 





By default, blind-dial is disabled. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example enables blind dialing: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#blind-dial 
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busy all 


Use the busy all command to set all DSOs to busy so that no calls are allowed inbound or outbound. If any 
calls are active at the time this command is issued, the calls will stay active until either party terminates the 
call. Once terminated, the DSOs are busied out. Use the no form of this command to return to default 
settings. Variations of this command include: 


busy all 
busy all now 


Syntax Description 





now Optional. Immediately terminates calls that are active at the time the 
command is issued (for example, in the middle of a conversation). 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the analog voice trunk. 


Usage Examples 





The following example sets all DSOs on trunk T01 to busy and terminates calls that are active at the time 
the command is issued: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#busy all now 
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busy fxo <s/ot/port> 


Use the busy fxo command to set a DSO to busy so that no calls are allowed inbound or outbound. If a call 
is active at the time this command is issued, the call will stay active until either party terminates the call. 
Once terminated, the DSO is set to busy. Use the no form of this command to disable this feature. 
Variations of this command include: 


busy fxo <s/ot/port> 
busy fxo <s/ot/port> now 


Syntax Description 





<slot/port> Specifies the slot/port for the FXO. 


now Optional. Immediately terminates active call at the time the command is 
issued (for example, in the middle of a conversation). 


Default Values 


No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the analog voice trunk. 


Usage Examples 





The following example sets FXO 0/1 to busy and terminates an active call when the command is issued: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#busy fxo 0/1 now 
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busy range fxo <range> 


Use the busy range fxo command to set a particular set of DSOs to busy so that no calls are allowed 
inbound or outbound. If any calls are active at the time this command is issued, the calls will stay active 
until either party terminates the call. Once terminated, the DSOs are set to busy. Use the no form of this 
command to return to the default setting. Variations of this command include: 


busy range fxo <range> 
busy range fxo <range> now 


Syntax Description 





<range> Specifies a range of ports in the format <slot/begin port range-end port 
range>. For example, 0/1-4. 


now Optional. Terminates calls that are active at the time the command is issued 
(for example, in the middle of a conversation). 


Default Values 


No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example sets DSOs to busy and terminates assigned to port range FXO 0/1 through FXO 0/4 
when the command is issued: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#busy range fxo 0/1-4 now 
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caller-id 
Use the caller-id number command to interpret and pass caller identification (ID) on this trunk. This 


information usually displays the name, number, time and date of the calling party. Use the no form of this 
command to cancel the setting. 


Syntax Description 





No subcommanas. 


Default Values 





By default, caller ID is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables caller ID: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#caller-id 
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caller-id-override number <number> 


Use the caller-id-override command to replace the calling party information for this trunk with a specific 
number. This command is used to conceal user’s name and number or to display a different name and 
number for internal or external caller ID. Use the no form of this command to cancel the setting. Variations 
of this command include: 


caller-id-override emergency-outbound <number> 
caller-id-override number-inbound <number> 
caller-id-override number-inbound <number> if-no-cpn 
caller-id-override number-inbound <number> <trunk id> 


Syntax Description 





<number> Specifies the number to display on caller ID. 

<trunk id> Specifies the trunk id (Txx) for outbound calls. 
emergency-outbound Specifies the calling party number on outbound emergency calls. 
number-inbound Specifies the calling party number on inbound calls. 

if-no-cpn Specifies overriding caller ID only if calling party is not available. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 15.1 Command was expanded. 
Release 16.1 Command was expanded to include the if-no-cpn subcommand. 


Usage Examples 





The following example sets the caller ID override number on the trunk where the command is issued: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#caller-id-override number 555-8000 
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codec-group <name> 


Use the codec-group command to configure the CODEC groups to use for the account. You will need to 
define CODEC lists to specify CODEC order (refer to voice codec-list <name> on page 958 for 
information) prior to assigning the CODEC group. You will then use the Voice CODEC List Configuration 
Command Set on page 2252 to define the specific CODEC you want each group to use for negotiation. Use 
the no form of this command to remove assigned CODEC groups. 


Syntax Description 





<name> Specifies the name of the CODEC group you want to use for this trunk. 


Default Values 





By default, no CODEC groups are assigned to this trunk. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 


The following example associates the CODEC group named user with this trunk: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#codec-group user 
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connect fxo <s/ot/port> 


Use the connect fxo command to specify the physical interface this trunk will use for voice calls. Use the 


no form of this command to remove this association. 


Syntax Description 


<slot/port> Specifies the slot/port for the FXO trunk. 


Default Values 





By default, no physical interface is assigned. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the analog voice trunk. 


Usage Examples 





The following example specifies this trunk will to use port FXO 0/1: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#connect fxo 0/1 
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connect range fxo <range> 


Use the connect range fxo command to specify the range of physical interfaces for this trunk group usage. 
Use the no form of this command to return to the default setting. 


Syntax Description 


<range> Specifies a range of ports in the format <slot/begin port range-end port 
range>. For example, 0/1-4. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies that this analog loop start trunk will use the contiguous port range FXO 0/1 
through FXO 0/4: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01 )#connect range fxo 0/1-4 
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did digits-transferred <value> 


Use the did digits-transferred command to define how many of the received digits should be sent to the 
internal switchboard from an incoming call on a User Role Trunk. The number of digits transferred are the 
least significant digits received. Direct Inward Dialing (DID) should be used if a Telco provider is 
providing digits to the unit on inbound calls or if the unit needs to provide DID information to a piece of 
CPE equipment. Use the no form of this command to disable this feature. Variations of this command 
include: 


did digits-transferred <value> 
did digits-transferred <va/ue> prefix <number> 


Syntax Description 





<value> Specifies the number of digits to be transferred. Range is 1 to 16 digits. 


prefix <number> Optional. Specifies a sequence of digits to be prepended to the digits that 
will be transmitted. For example, if seven digits will be transferred via DID, 
then prefix the seven digits with 256. Thus 555-8000 would be prefixed 
with 256, transmitting out the string of digits 256-555-8000. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





User Role Example: 


555-1000 is an incoming call on the trunk. With did digits-transferred <va/ue> set to 4, the number 1000 
will be sent to the switchboard. On a network role trunk, the did digits-transferred command allows you to 
define how many of the digits from the Accept criteria should be sent externally from a call that was routed 
by the switchboard. The number of digits transferred are the least significant digits received. 


Network Role Example: 


555-1000 is accepted on the UT interface. With did digits-transferred <va/ue> set to 4, the number of 
1000 will be sent to the device connected to the UT interface. This command cannot be specified if and 
when trunk-number is being used. Conversely, if DID is used, trunk-number will not be allowed. 


Usage Examples 





The following example transfers the digits 555-8000 and adds the prefix 256: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#did digits-transferred 5558000 prefix 256 
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early-cut-through 


Use the early-cut-through command to provide the caller with inband ringback and other call progress 
signals. This command should not be issued if the connected equipment does not provide inband ringback 
and other call progress signals. This option is only valid for voice trunks in the network role. Use the no 
form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, early-cut-through is disabled. 


Command History 





Release A1 Command was introduced. 


Usage Examples 





The following example activates early-cut-through: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#early-cut-through 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2367 


Command Reference Guide 


Voice Trunk Analog Command Set 





echo-cancellation 


Use the echo-cancellation command to improve voice quality for packetized-based voice calls such as 
voice over IP (VoIP) or Media Gateway Control Protocol (MGCP). Use the no form of this command to 


disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, echo-cancellation is enabled. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example activates echo-cancellation: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#echo-cancellation 
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match <number> substitute <number> 


Use the match substitute command to substitute a different number for the number originally dialed by a 
user of the system. If no match occurs (or no match statements have been entered) the original dialed 
number will be propagated without being modified. Use the no form of this command to delete match 
substitutes. 





You can enter multiple match commands on each trunk. The first valid match that is found 
‘wore for outbound numbers will be used in configurations where more than one match statement 
is valid for a given dialed number. Therefore, order of input is important. 





Syntax Description 





match <number> Specifies the dialed number that you are trying to match. 
substitute <number> Specifies the number that will be sent in place of the number that was 
matched. 


Default Values 





By default, no substitutions are defined. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 


The following example attempts to match the dialed number 555-8000 and specifies that number 555-8500 
will be sent if no match occurs: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#match 5558000 substitute 5558500 
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modem-passthrough 


Use the modem-passthrough command to switch to pass-through mode on fax or modem tone detection. 
This command allows modem and fax calls to maintain a connection without altering the signals with the 
voice improvement settings such as echo cancellation and voice activity detection (vad). Use the no form 
of this command to disable this feature. Variations of this command include: 


modem-passthrough 
modem-passthrough detection-time <va/ue> 


Syntax Description 





detection-time <value> Optional. Specifies the fax and/or modem detection time length value in 
seconds. Range is 0 to 8 seconds. 


Default Values 





By default, modem-passthrough is enabled. 


Command History 





Release 11.1 Command was introduced. 
Release 12.1 Command was expanded. 


Usage Examples 





The following example disables modem-passthrough: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#no modem-passthrough 
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plc 


Use the ple command to enable packet loss concealment (PLC). PLC is used to prevent choppy 
connections by concealing a packet loss by replacing the lost packet with another voice packet in the data 
stream. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, PLC is enabled on this interface. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example disables PLC on trunk T01: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#no plc 
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reject-external 


Use the reject-external command to prevent inbound calls on the trunk from being routed back out of the 
same trunk. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, reject-external is enabled on this interface. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





In general, trunks are assigned to the user role, which means they terminate lines from a Telco provider. If 
this is the case, reject-external should be enabled so that inbound calls on the trunk cannot be routed 
back out of the same trunk. If the configuration is poor, inbound long distance calls could be routed back 
out the same trunk, causing the owner of the unit to be charged for long distance calls without his 
knowledge. For network-role trunks and SIP-based trunks, this command should be disabled to allow calls 
to be properly routed in the unit. 


Usage Examples 





The following example disables reject-external: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#no reject-external 
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resource-selection 


Use the resource-selection command to determine how the switchboard uses outbound call resources 
contained within a TDM-based trunk group. Use the no form of this command to disable this feature. 
Variations of this command include: 


resource-selection circular 
resource-selection circular ascending 
resource-selection circular descending 
resource-selection linear 
resource-selection linear ascending 
resource-selection linear descending 


Syntax Description 





circular Performs call load balancing among available DSOs/B-channels in this 
trunk. Subsequent calls will be delivered to the next available 
DS0/B-channel in a round-robin fashion. 


linear Specifies that a call being delivered to this trunk will be accepted out the first 
available DSO/B-channel available at the time the call is received. 

ascending Optional. Distributes calls in an order from the lowest to the highest channel 
(DSO 1, 2, 3 through 24). 

descending Optional. Distributes calls in an order from the highest to the lowest channel 


(DSO 24, 23, 22 through 1). 


Default Values 





By default, resource selection is set to linear. 


Command History 





Release 9.3 Command was introduced. 
Release 13.1 Command was expanded to include the ascending and descending 
subcommands. 


Usage Examples 





The following example specifies circular resource selection: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#resource-selection circular 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2373 


Command Reference Guide Voice Trunk Analog Command Set 





rtp delay-mode 


Use the rtp delay-mode command to configure the Realtime Transport Protocol (RTP) jitter buffer packet 
delay mode settings. RTP is used to prevent static on voice connections by enhancing the quality of the 
packet delivery. Use the no form of this command to return to the default settings. Variations of this 
command include: 


rtp delay-mode adaptive 
rtp delay-mode fixed 


Syntax Description 





adaptive Configures the RTP jitter buffer packet delay to adjust during a call based 
on network conditions. 


fixed Configures the RTP jitter buffer packet delay to remain constant. 


Default Values 


By default, the RTP delay mode is set to adaptive. This allows for minimal latency by adjusting the 
average packet delay based on the conditions of the network. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example configures RTP delay mode as fixed: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#rtp delay-mode fixed 
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rtp dtmf-relay 


Use the rtp dtmf-relay command to configure the method by which Realtime Transport Protocol (RTP) 
Dual Tone Multi-Frequency (DTMF) events are relayed. The dial digits can be sent inband or out-of-band 
of the voice stream. Use the no form of this command to return to the default value. Variations of this 
command include: 


rtp dtmf-relay adaptive 
rtp dtmf-relay fixed 


Syntax Description 





inband Specifies that RTP DTMF events be relayed inband in the RTP stream. 


nte <value> Specifies that RTP DTMF events be relayed out-of-band using NTE. Enter 
an NTE value between 96 and 127. 


Default Values 
By default, the rtp dtmf-relay is set for NTE 101. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example configures RTP DTMF relay events for inband: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#rtp dtmf-relay inband 
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rtp frame-packetization <value> 
Use the rtp frame-packetization command to configure the Realtime Transport Protocol (RTP) frame 


packetization time in milliseconds for individual trunks and users. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Configures the RTP frame packetization time value in milliseconds. Select 
from 10, 20, or 30 milliseconds. 


Default Values 





By default, the rtp frame-packetization time is set to 20 milliseconds on all trunks and users. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets the frame packetization time for trunk TO1 to 10 milliseconds: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#rtp frame-packetization 10 
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rtp packet-delay 


Use the rtp packet-delay command to configure the maximum Realtime Transport Protocol (RTP) packet 
delays. This command is used to set the allowable limits of latency on the network. Use the no form of this 
command to return to default values. Variations of this command include: 


rtp packet-delay fax <va/ue> 
rtp packet-delay maximum <value> 
rtp packet-delay nominal <value> 


Syntax Description 





fax <value> Sets the fax delay time value. Range is 0 to 500 milliseconds. 


maximum <value> Sets the maximum delay time value in increments of 10 milliseconds. 
Range is 40 to 320 milliseconds. 


nominal <value> Sets the nominal delay time value in increments of 10 milliseconds. Range 
is 10 to 240 milliseconds. 


Default Values 





By default, the RTP packet delay for fax is 300, maximum is 100, and nominal is 50. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures the RTP fax delay time on trunk T01 to 200 milliseconds: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#rtp packet-delay fax 200 
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rtp qos dscp <value> 
Use the rtp qos dscp command to configure the maximum Realtime Transport Protocol (RTP) quality of 


service (QoS) parameters for differentiated services code point (DSCP). Use the no form of this command 
to return to default values. 


Syntax Description 





<value> Configures the RTP QoS parameter for DSCP. Enter a value between 
10 and 63. 


Default Values 





By setting the rtp qos dscp value on an individual trunk or user, you will override the global rtp qos dscp 
setting for RTP packets. QoS is set using a Differentiated Services Code Point, or DSCP value. Valid 
DSCP values are 10-63, and a higher DSCP value has a higher priority. The default DSCP value for RTP is 
46. Remember that if you are using a public IP connection, such as the Internet, for voice over IP, 
end-to-end QoS may not be guaranteed. The default DSCP value for SIP is 26. To configure QoS for the 
RTP traffic that carries the voice conversation, use the command, ip rtp qos dscp followed by the desired 
DSCP value. 


Command History 





Release 9.3 Command was introduced. 


Functional Note 





By setting the rtp qos dscp value on an individual trunk or user, you will override the global rtp qos dscp 
setting for RTP packets. 


Usage Examples 
The following example configures the RTP QoS DSCP for trunk T02 to 46: 





(config)#voice trunk t02 type analog supervision loop-start 
(config-t02)#rtp qos dscp 46 
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trunk-number <number> 


Use the trunk number command to define the call routing when DID is disabled. This feature directs 
incoming calls to the specified number when DID is not present. This command also allows users to 
activate different system modes of operation that redirect incoming calls to a different number depending 
on the specified mode. Use the no form of this command to disable this feature. Variations of this 
command include: 


trunk-number <number> 

trunk-number no-number 

trunk-number [<system mode>] <number> 
trunk-number [<system mode>] no-number 
trunk-number override <number> 
trunk-number override no-number 


Syntax Description 





<number> Specifies the number used for call routing when DID is disabled. 


<system mode> Specifies the system mode to configure. Choose from custom1, custom2, 
custom3, lunch, night, or weekend. Refer to the command voice 
system-mode on page 996 for more information on system modes. 


no-number Specifies no inbound calls are allowed on this trunk. 
override Ignores the programmed system mode schedule. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 15.1 Command was added to the FGD Trunk options. 
Release A1 Command was expanded to included new subcommands. 


Usage Examples 





The following example defines call routing on trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#trunk-number 4000 
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138 


Use the t38 command to enable T.38 fax operation. Use the no form of this command to disable this 
feature. 





operation to work. 


Wor The modem-passthrough command (refer to page 2370) must be enabled for T.38 





Syntax Description 





No subcommanas. 


Default Values 
By default, T.38 is disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables T.38 on trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#t38 


Technology Review 


T.38 is an International Telecommunication Union (ITU) specification that allows Group-3 Fax (T.30) data to 
be transported over the Internet. It is similar to dual tone multi-frequency (DTMF) relay (RFC 2833) in that 
the digital signal processor (DSP) decodes tones and demodulated fax data and converts them into 
packets. A similar device on the other end takes the packets/tones and remodulates them so that an 
analog fax machine on the other end can receive the fax. AOS’s previous support (revision 12 through 15) 
for fax/modem signals was simply detecting a tone and forcing the CODEC into G.711 and 
disabling/enabling echo cancellers based on the tones detected. When packet loss becomes high, sending 
faxes over G711 becomes problematic, due to dropped messages and timeouts/retrains. 


T.38 can be used in conjunction with various call-control schemes such as H.323, SIP, and Media Gateway 
Control Protocol (MGCP). AOS only supports SIP as the call-control method. This is typically referred to 
T.38/Annex-D. Annex-D describes the Session Initiation Protocol/Session Description Protocol (SIP/SDP) 
call establishment procedures. 
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38 error-correction 


Use the t38 error-correction command to specify the type of fax error correction. Use the no form of this 
command to disable this feature. Variations of this command include: 


t38 error-correction fec 
t38 error-correction redundancy 


Syntax Description 





fec Specifies forward error correction (FEC) as the fax error correction. FEC is 
a system of error control where the sender adds redundant data to its 
messages allowing the receiver to detect and correct errors (within certain 
bounds) without the need to request additional data from the sender. 


redundancy Specifies redundancy as the fax error correction. Redundancy error 
correction replicates the payload a user-specified number of times to 
determine if errors are present. The number of redundant packets is set 
using the t88 redundancy command (refer to page 2386). 


Default Values 





By default, t38 error-correction is set to redundancy. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t38 error-correction to fec on trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#t38 error-correction fec 
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t38 fallback-mode 


Use the t38 fallback-mode command to specify the transmission mode used when T.38 fax relay cannot 
be successfully negotiated at the time of the fax transfer. Use the no form of this command to disable this 
feature. Variations of this command include: 


138 fallback-mode fail488 
138 fallback-mode fail606 
t38 fallback-mode g711 


Syntax Description 





fail488 Specifies using the fail488 SIP error message. 
fail606 Specifies using the fail606 SIP error message. 
g711 Specifies that fax operation revert back to analog mode (G.711). 


Default Values 





By default, t38 fallback-mode is set to g711. 


Command History 


Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t38 fallback-mode to fail606 on trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#t38 fallback-mode fail606 
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138 max-buffer <buffer size> 


Use the t38 max-buffer command to set the maximum buffer size for T.38 fax operation. Use the no form 
of this command to return to the default value. 


Syntax Description 


<buffer-size> Specifies the maximum number of bytes that can be received before an 
overflow condition occurs. Range is 0 to 400 bytes. 


Default Values 





By default, the maximum buffer size is set to 200. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t88 max-buffer to 100 on trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#38 max-buffer 100 
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t38 max-datagram <value> 


Use the t38 max-datagram command to set the maximum datagram value in this unit. Use the no form of 
this command to return to the default value. 


Syntax Description 


<value> Specifies the maximum number of bytes a User Datagram Protocol 
Transport Layer (UDPTL) packet that can be received. Range is 0 to 300 
bytes. 


Default Values 





By default, the maximum datagram value is set to 75. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t88 max-datagram to 100 on trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#t38 max-datagram 100 
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138 max-rate 


Use the t38 max-rate command to specify the fax maximum rate. The actual transmission rate may be 
lower than specified rate if the receiving end cannot support the maximum rate. Use the no form of this 
command to return to the default value. Variations of this command include: 


t38 max-rate 12000 
t38 max-rate 14400 
t38 max-rate 2400 
t38 max-rate 4800 
t38 max-rate 7200 
t38 max-rate 9600 


Syntax Description 





12000 Specifies 12000 baud/bits as fax maximum rate. 
14400 Specifies 14400 baud/bits as fax maximum rate. 
2400 Specifies 2400 baud/bits as fax maximum rate. 
4800 Specifies 4800 baud/bits as fax maximum rate. 
7200 Specifies 7200 baud/bits as fax maximum rate. 
9600 Specifies 9600 baud/bits as fax maximum rate. 


Default Values 





By default, the maximum fax rate is set to 14400. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t88 max-rate to 4800 on trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#t38 max-rate 4800 
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t38 redundancy 


Use the t38 redundancy command to set the number of redundant packets sent when the t38 


error-correction redundancy feature is enabled. Use the no form of this command to return to the default 


value. Variations of this command include: 


t38 redundancy high-speed <va/ue> 
t38 redundancy low-speed <value> 


Syntax Description 





high-speed <value> Specifies the number of redundant T.38 fax packets to be sent for data 
messages (high-speed fax machine image data). Range is 0 (no 
redundancy) to 4 packets. 


low-speed <value> Specifies the number of redundant T.38 fax packets to be sent for the 
signaling messages (low-speed fax machine protocol). Range is 0 (no 
redundancy) to 7 packets. 


Default Values 





By default, high-speed and low-speed redundancy values are set to 0 (no redundancy). 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables t38 error-correction redundancy and sets the number of redundant data 


messages to 3 on trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#t38 error-correction redundancy 
(config-t03)#t38 redundancy high-speed 3 
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vad 


Use the vad command to enable voice activity detection (VAD). VAD blocks out noise categorized as 
silence during a voice connection. The silent voice packets are not transmitted, allowing bandwidth usage 
to be reduced. Although VAD saves bandwidth, the quality of the voice call may be compromised. Use the 
no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VAD is enabled for all T1 RBS trunks and users. 





Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example disables VAD on trunk T01: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#no vad 
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VOICE TRUNK GROUP COMMAND SET 





To activate the Voice Trunk Group Configuration mode, enter the voice grouped-trunk command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice grouped-trunk TestGroup 
(config-TestGroup)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


accept <pattern> on page 2389 
reject <pattern> on page 2391 
resource-selection on page 2393 
trunk <Txx> on page 2394 
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accept <pattern> 


Use the accept command to specify numbers that users can dial on the trunk. This command controls the 
type of outbound calls users can place on the system. Use the no form of this command to remove a 
configured dial pattern and return to the default setting. Variations of this command include: 


accept <pattern> 
accept <pattern> cost <value> 


Syntax Description 





<pattern> Specifies the patterns users can dial on the trunk. You can enter a complete 
phone number or wildcards can be used to help define accepted numbers. 
Refer to Functional Notes below for more information on using wildcards. 


cost <value> Specifies the cost value for the trunk. This option is used if a call is accepted 
by several trunks. The call will be routed to the trunk with the lowest cost 
value. The valid range is 0 to 499. 


Default Values 





By default, the cost value is zero. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





The available wildcards for this command are: 


M = Any digit 1 to 8. 

X = Any single digit (0 to 9). 

N = Any digit 2 to 9. 

$ = Any number of digits of any value. 

[abc] = Any digit contained in the bracketed list. 





Wor Do not use dashes, commas, spaces, etc., inside the brackets. Commas are implied between 


numbers in the brackets. 





The special characters ( ), -, + are always ignored. 


Examples: 1) 555-81xx matches 555-8100 to 555-8199. 
2) 555-812[012] matches 555-8120 to 555-8122. 
3) 1-800$ matches any 1-800 calls. 
4) Nxx-xxxx matches 7 digit local. 
5) 1-Nxx-Nxx-xxxx matches long distance calls in North America. 
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Usage Examples 





The following example allows users on the trunk TestGroup to dial any local number: 


(config)#voice grouped-trunk TestGroup 
(config-TestGroup)#accept Nxxxxxx 
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reject <pattern> 


Use the reject command to specify numbers users cannot dial on the trunk. This features allows 
administrators to restrict callers from unwanted outbound calls such as international calls and 900 
numbers. Use the no form of this command to disable this feature. 


Syntax Description 





<pattern> Specifies the patterns that users cannot dial on the trunk. You can enter a 
complete phone number or wildcards can be used to help define rejected 
numbers. Refer to Functional Notes below for more information on using 
wildcards. For example, you can enter 900$ to prevent users from dialing all 
900 numbers. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





The available wildcards for this command are: 


M = Any digit 1 to 8. 

X = Any single digit (0 to 9). 

N = Any digit 2 to 9. 

$ = Any number of digits of any value. 

[abc] = Any digit contained in the bracketed list. 





Wo Do not use dashes, commas, spaces, etc., inside the brackets. Commas are implied between 


numbers in the brackets. 





The special characters ( ), -, + are always ignored. 


Examples: 1) 555-81xx matches 555-8100 to 555-8199. 
2) 555-812[012] matches 555-8120 to 555-8122. 
3) 1-800$ matches any 1-800 calls. 
4) Nxx-xxxx matches 7 digit local. 
5) 1-Nxx-Nxx-xxxx matches long distance calls in North America. 
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Usage Examples 





The following example blocks calls to any 900 number on the trunk TestGroup: 


(config)#voice grouped-trunk TestGroup 
(config-TestGroup)#reject 900$ 
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resource-selection 


Use the resource-selection command to determine how the switchboard uses outbound call resources 
contained within a TDM-based trunk group. Use the no form of this command to disable this feature. 
Variations of this command include: 


resource-selection circular 
resource-selection circular ascending 
resource-selection circular descending 
resource-selection linear 
resource-selection linear ascending 
resource-selection linear descending 


Syntax Description 





circular Performs call load balancing among available DSOs/B-channels in this 
trunk. Subsequent calls will be delivered to the next available 
DS0/B-channel in a round-robin fashion. 


linear Specifies that a call being delivered to this trunk will be accepted out the first 
available DSO/B-channel available at the time the call is received. 

ascending Optional. Distributes calls in an order from the lowest to the highest channel 
(DSO 1, 2, 3 through 24). 

descending Optional. Distributes calls in an order from the highest to the lowest channel 


(DSO 24, 23, 22 through 1). 


Default Values 





By default, resource selection is set to linear. 


Command History 





Release 9.3 Command was introduced. 
Release 13.1 Command was expanded to include the ascending and descending 
subcommands. 


Usage Examples 





The following example specifies circular resource selection on the trunk TestGroup: 


(config)#voice grouped-irunk TestGroup 
(config-TestGroup)#resource-selection circular 
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trunk <Txx> 


Use the trunk command to add an existing trunk to the trunk group so outbound calls may be placed out 
that particular trunk as well. Use the no form of this command to remove a configured trunk group. 


Syntax Description 





<Txx> Specifies an ID number for the trunk. The trunk ID is in the format Txx 
where xx is the trunk ID number. Enter a trunk ID between 1 and 99. For 
example, trunk T02. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 
The following example adds trunk T02 to the trunk group TestGroup: 


(config)#voice grouped-trunk TestGroup 
(config-TestGroup)#trunk t02 
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VOICE TRUNK ISDN COMMAND SET 


To activate the Voice Trunk ISDN Configuration mode, enter voice trunk txx type isdn at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#voice trunk t01 type isdn 
(config-t01)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


caller-id-override number <number> on page 2397 
codec-group <name> on page 2398 

connect isdn-group <number> on page 2399 
echo-cancellation on page 2400 

match <number> substitute <number> on page 2401 
modem-passthrough on page 2402 

plc on page 2403 

reject-external on page 2404 
resource-selection on page 2405 

rtp delay-mode on page 2406 

rtp dtmf-relay on page 2407 

rtp frame-packetization <value> on page 2408 
rtp packet-delay on page 2409 

rtp gos dscp <value> on page 2410 
trunk-number <number> on page 2411 

t38 on page 2412 

t38 error-correction on page 2413 

t38 fallback-mode on page 2414 

t38 max-buffer <buffer size> on page 2415 
t38 max-datagram <value> on page 2416 

t38 max-rate on page 2417 

t38 redundancy on page 2418 
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vad on page 2419 
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caller-id-override number <number> 


Use the caller-id-override command to replace the calling party information for this trunk with a specific 
number. This command is used to conceal user’s name and number or to display a different name and 
number for internal or external caller ID. Use the no form of this command to cancel the setting. Variations 
of this command include: 


caller-id-override emergency-outbound <number> 
caller-id-override number-inbound <number> 
caller-id-override number-inbound <number> if-no-cpn 
caller-id-override number-inbound <number> <trunk id> 


Syntax Description 





<number> Specifies the number to display on caller ID. 

<trunk id> Specifies the trunk id (Txx) for outbound calls. 
emergency-outbound Specifies the calling party number on outbound emergency calls. 
number-inbound Specifies the calling party number on inbound calls. 

if-no-cpn Specifies overriding caller ID only if calling party is not available. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
Release 15.1 Command was expanded. 
Release 16.1 Command was expanded to include the if-no-cpn subcommand. 


Usage Examples 





The following example sets the caller ID override number on the trunk where the command is issued: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#caller-id-override number 555-8000 
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codec-group <name> 
Use the codec-group command to specify the CODEC group to use for this trunk. For information on 


defining CODEC groups, refer to codec-group <name> on page 2493. Use the no form of this command 
to return to the default setting. 


Syntax Description 





<name> Specifies the name of the CODEC group you want to use. 


Default Values 





By default, no CODEC groups are assigned to this interface. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the ISDN trunk. 


Usage Examples 





The following example associates the CODEC group user with this trunk: 


(config)#voice trunk t01 type isdn 
(config-t01)#codec-group user 
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connect isdn-group <number> 


Use the connect isdn-group command to associate a trunk with an ISDN group. The ISDN group number 
uniquely identifies an ISDN trunk group. Use the no form of this command to remove this association. 


Syntax Description 
<number> Specifies the ISDN group number. Range is 1 to 255. 


Default Values 





By default, no group is defined. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the ISDN trunk. 


Usage Examples 





The following example specifies that this trunk will use the ISDN group 1: 


(config)#voice trunk t01 type isdn 
(config-t01)#connect isdn-group 1 
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echo-cancellation 


Use the echo-cancellation command to improve voice quality for packetized-based voice calls such as 
Voice over IP (VoIP) or Media Gateway Control Protocol (MGCP). Enabling this command may 
significantly improve the voice quality in calls across the telephone network. Use the no form of this 
command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, echo cancellation is enabled. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the ISDN trunk. 


Usage Examples 





The following example activates echo-cancellation: 


(config)#voice trunk t01 type isdn 
(config-t01)#echo-cancellation 
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match <number> substitute <number> 


Use the match substitute command to substitute a different number for the number originally dialed by a 
user of the system. If no match occurs (or no match statements have been entered) the original dialed 
number will be propagated without being modified. Use the no form of this command to delete match 
substitutions. 





You can enter multiple match commands on each trunk. The first valid match that is found 
‘wore for outbound numbers will be used in configurations where more than one match statement 
is valid for a given dialed number. Therefore, order of input is important. 





Syntax Description 





match <number> Specifies the dialed number that you are trying to match. 
substitute <number> Specifies the number that will be sent in place of the number that was 
matched. 


Default Values 





By default, no substitutions are defined. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the ISDN trunk. 


Usage Examples 





The following example attempts to match the dialed number 555-8000 and specifies that number 555-8500 
will be sent if no match occurs: 


(config)#voice trunk t01 type isdn 
(config-t01)#match 5558000 substitute 5558500 
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modem-passthrough 


Use the modem-passthrough command to switch to pass-through mode on fax or modem tone detection. 
This command allows modem and fax calls to maintain a connection without altering the signals with the 
voice improvement settings such as echo cancellation and voice activity detection (vad). Use the no form 
of this command to disable this feature. Variations of this command include: 


modem-passthrough 
modem-passthrough detection-time <va/ue> 


Syntax Description 





detection-time <value> Optional. Specifies the fax and/or modem detection time length value in 
seconds. Range is 0 to 8 seconds. 


Default Values 





By default, modem-passthrough is enabled. 


Command History 





Release 11.1 Command was introduced. 
Release 12.1 Command was expanded. 


Usage Examples 





The following example enables modem-passthrough: 


(config)#voice trunk t01 type isdn 
(config-t01)#modem-passthrough 
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plc 


Use the ple command to enable packet loss concealment (PLC). PLC is used to prevent choppy 


connections by concealing a packet loss by replacing the lost packet with another voice packet in the data 


stream. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, PLC is enabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables PLC on trunk T01: 


(config)#voice trunk t01 type isdn 
(config-t01)#plc 
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reject-external 


Use the reject-external command to blocked outbound (external) call attempts. Use the no form of this 
command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, this command is enabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example enables PLC on trunk T01: 


(config)#voice trunk t01 type isdn 
(config-t01)#reject-external 
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resource-selection 


Use the resource-selection command to determine how the switchboard uses outbound call resources 
contained within a TDM-based trunk group. Use the no form of this command to disable this feature. 
Variations of this command include: 


resource-selection circular 
resource-selection circular ascending 
resource-selection circular descending 
resource-selection linear 
resource-selection linear ascending 
resource-selection linear descending 


Syntax Description 





circular Performs call load balancing among available DSOs/B-channels in this 
trunk. Subsequent calls will be delivered to the next available 
DS0/B-channel in a round-robin fashion. 


linear Specifies that a call being delivered to this trunk will be accepted out the first 
available DSO/B-channel available at the time the call is received. 

ascending Optional. Distributes calls in an order from the lowest to the highest channel 
(DSO 1, 2, 3 through 24). 

descending Optional. Distributes calls in an order from the highest to the lowest channel 


(DSO 24, 23, 22 through 1). 


Default Values 





By default, resource selection is set to linear. 


Command History 





Release 9.3 Command was introduced. 
Release 13.1 Command was expanded to include the ascending and descending 
subcommands. 


Usage Examples 





The following example specifies circular resource selection: 


(config)#voice trunk t01 type isdn 
(config-t01)#resource-selection circular 
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rtp delay-mode 


Use the rtp delay-mode command to configure the Realtime Transport Protocol (RTP) jitter buffer packet 
delay mode settings. RTP is used to prevent static on voice connections by enhancing the quality of the 
packet delivery. Use the no form of this command to return to the default settings. Variations of this 
command include: 


rtp delay-mode adaptive 
rtp delay-mode fixed 


Syntax Description 





adaptive Configures RTP jitter buffer packet delay to adjust during a call based on 
network conditions. 


fixed Configures the RTP jitter buffer packet delay to remain constant. 


Default Values 


By default, this command is set to adaptive. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures RTP delay mode as adaptive: 


(config)#voice trunk t01 type isdn 
(config-t01)#rtp delay-mode adaptive 
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rtp dtmf-relay 


Use the rtp dtmf-relay command to configure the method by which Realtime Transport Protocol (RTP) 
Dual Tone Multi-Frequency (DTMF) events are relayed, either inband in the RTP stream or out-of-band 
using Named Telephone Events (NTE). RTP DTMF relay is used to prevent the tone (dialed digits) from 
being corrupted. Use the no form of this command to return to the default value. Variations of this 
command include: 


rtp dtmf-relay inband 
rtp dtmf-relay nte <value> 


Syntax Description 





inband Configures RTP DTMF relay events for inband. 
nte <value> Configures RTP DTMF relay events for NTE. Enter a value between 
96 and 127. 


Default Values 
By default, the rtp dtmf-relay is set for NTE 101. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the ISDN trunk. 


Usage Examples 





The following example configures RTP DTMF relay events for NTE with an event value of 101: 


(config)#voice trunk t01 type isdn 
(config-t01)#rtp dtmf-relay nte 101 
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rtp frame-packetization <value> 
Use the rtp frame-packetization command to configure the Realtime Transport Protocol (RTP) frame 


packetization time in milliseconds for individual trunks and users. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Configures the RTP frame packetization time in milliseconds. Select from 
10, 20, or 30 milliseconds. 


Default Values 





By default, the rtp frame-packetization time is set to 20 milliseconds on all trunks and users. 


Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the ISDN trunk. 


Usage Examples 





The following example sets the frame packetization time for trunk T01 to 20 milliseconds: 


(config)#voice trunk t01 type isdn 
(config-t01)#rtp frame-packetization 20 
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rtp packet-delay 


Use the rtp packet-delay command to configure the maximum Realtime Transport Protocol (RTP) packet 
delays. This command is used to set the allowable limits of latency on the network. Use the no form of this 
command to return to default values. Variations of this command include: 


rtp packet-delay fax <va/ue> 
rtp packet-delay maximum <value> 
rtp packet-delay nominal <value> 


Syntax Description 





fax <value> Sets the fax delay time in milliseconds. Range is 0 to 500 milliseconds. 

maximum <value> Sets the maximum delay time in increments of 10 milliseconds. Range is 
40 to 320 milliseconds. 

nominal <value> Sets the nominal delay time in increments of 10 milliseconds. Range is 


10 to 240 milliseconds. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures the RTP fax delay time on trunk T01 to 10 milliseconds: 


(config)#voice trunk t01 type isdn 
(config-t01)#rtp packet-delay fax 10 
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rtp qos dscp <value> 


Use the rtp qos dscp command to configure the maximum Realtime Transport Protocol (RTP) quality of 
service (QoS) parameters for differentiated services code point (DSCP). 


Syntax Description 


<value> Configures the RTP QoS parameter for differentiated services code point. 
Enter a value between 0 and 63. 


Default Values 
By default, no RTP QoS DSCP is configured for this interface. 





Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the ISDN trunk. 


Functional Note 





By setting the rtp qos dscp value on an individual trunk or user, you will override the global rtp qos dscp 
setting for RTP packets. QoS is set using a Differentiated Services Code Point, or DSCP value. Valid 
DSCP values are 10-63, and a higher DSCP value has a higher priority. The default DSCP value for RTP is 
46. Remember that if you are using a public IP connection, such as the Internet, for voice over IP, 
end-to-end QoS may not be guaranteed. The default DSCP value for SIP is 26. To configure QoS for the 
RTP traffic that carries the voice conversation, use the command, ip rtp qos dscp followed by the desired 
DSCP value. 


Usage Examples 





By setting the rtp qos dscp value on an individual trunk or user, you will override the global rtp qos dscp 
setting for RTP packets. The following example sets the DSCP value for RTP packets that trunk T02 
generates to 46. 


(config)#voice trunk t02 type isdn 
(config-t02)#rtp qos dscp 46 
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trunk-number <number> 


Use the trunk number command to define the call routing when DID is disabled. This feature directs 
incoming calls to the specified number when DID is not present. This command also allows users to 
activate different system modes of operation that redirect incoming calls to a different number depending 
on the specified mode. Use the no form of this command to disable this feature. Variations of this 
command include: 


trunk-number <number> 

trunk-number no-number 

trunk-number [<system mode>] <number> 
trunk-number [<system mode>] no-number 
trunk-number override <number> 
trunk-number override no-number 


Syntax Description 





<number> Specifies the number used for call routing when DID is disabled. 


<system mode> Specifies the system mode to configure. Choose from custom1, custom2, 
custom3, lunch, night, or weekend. Refer to the command voice 
system-mode on page 996 for more information on system modes. 


no-number Specifies no inbound calls are allowed on this trunk. 
override Ignores the programmed system mode schedule. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 15.1 Command was added to the FGD Trunk options. 
Release A1 Command was expanded to included new subcommands. 


Usage Examples 





The following example defines call routing on trunk T02: 


(config)#voice trunk t02 type isdn 
(config-t02)#trunk-number 4000 
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138 


Use the t38 command to enable T.38 fax operation. Use the no form of this command to disable this 
feature. 





operation to work. 


Wor The modem-passthrough command (refer to page 2402) must be enabled for T.38 





Syntax Description 





No subcommanas. 


Default Values 
By default, T.38 is disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables T.38: 


(config)#voice trunk t02 type isdn 
(config-t02)#t38 


Technology Review 


T.38 is an International Telecommunication Union (ITU) specification that allows Group-3 Fax (T.30) data to 
be transported over the Internet. It is similar to dual tone multi-frequency (DTMF) relay (RFC 2833) in that 
the digital signal processor (DSP) decodes tones and demodulated fax data and converts them into 
packets. A similar device on the other end takes the packets/tones and remodulates them so that an 
analog fax machine on the other end can receive the fax. AOS’s previous support (revision 12 through 15) 
for fax/modem signals was simply detecting a tone and forcing the CODEC into G.711 and 
disabling/enabling echo cancellers based on the tones detected. When packet loss becomes high, sending 
faxes over G711 becomes problematic, due to dropped messages and timeouts/retrains. 


T.38 can be used in conjunction with various call-control schemes such as H.323, SIP, and Media Gateway 
Control Protocol (MGCP). AOS only supports SIP as the call-control method. This is typically referred to 
T.38/Annex-D. Annex-D describes the Session Initiation Protocol/Session Description Protocol (SIP/SDP) 
call establishment procedures. 
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38 error-correction 


Use the t38 error-correction command to specify the type of fax error correction. Use the no form of this 
command to disable this feature. Variations of this command include: 


t38 error-correction fec 
t38 error-correction redundancy 


Syntax Description 





fec Specifies forward error correction (FEC) as the fax error correction. FEC is 
a system of error control where the sender adds redundant data to its 
messages allowing the receiver to detect and correct errors (within certain 
bounds) without the need to request additional data from the sender. 


redundancy Specifies redundancy as the fax error correction. Redundancy error 
correction replicates the payload a user-specified number of times to 
determine if errors are present. The number of redundant packets is set 
using the t88 redundancy command (refer to page 2418). 


Default Values 





By default, t38 error-correction is set to redundancy. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t38 error-correction to fec: 


(config)#voice trunk t02 type isdn 
(config-t02)#t38 error-correction fec 
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t38 fallback-mode 


Use the t38 fallback-mode command to specify the transmission mode used when T.38 fax relay cannot 
be successfully negotiated at the time of the fax transfer. Use the no form of this command to disable this 
feature. Variations of this command include: 


138 fallback-mode fail488 
138 fallback-mode fail606 
t38 fallback-mode g711 


Syntax Description 





fail488 Specifies using the fail488 SIP error message. 
fail606 Specifies using the fail606 SIP error message. 
g711 Specifies that fax operation revert back to analog mode (G.711). 


Default Values 





By default, t38 fallback-mode is set to g711. 


Command History 


Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t38 fallback-mode to fail606: 


(config)#voice trunk t02 type isdn 
(config-t02)#t38 fallback-mode fail606 
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138 max-buffer <buffer size> 


Use the t38 max-buffer command to set the maximum buffer size for T.38 fax operation. Use the no form 
of this command to return to the default value. 


Syntax Description 


<buffer-size> Specifies the maximum number of bytes that can be received before an 
overflow condition occurs. Range is 0 to 400 bytes. 


Default Values 





By default, the maximum buffer size is set to 200. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t88 max-buffer to 100: 


(config)#voice trunk t02 type isdn 
(config-t02)#t38 max-buffer 100 
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t38 max-datagram <value> 


Use the t38 max-datagram command to set the maximum datagram value in this unit. Use the no form of 
this command to return to the default value. 


Syntax Description 


<value> Specifies the maximum number of bytes a User Datagram Protocol 
Transport Layer (UDPTL) packet can be that can be received. Range is 0 to 
300 bytes. 


Default Values 





By default, the maximum datagram value is set to 75. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t88 max-datagram to 100: 


(config)#voice trunk t02 type isdn 
(config-t02)#t38 max-datagram 100 
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138 max-rate 


Use the t38 max-rate command to specify the fax maximum rate. The actual transmission rate may be 
lower than specified rate if the receiving end cannot support the maximum rate. Use the no form of this 
command to return to the default value. Variations of this command include: 


t38 max-rate 12000 
t38 max-rate 14400 
t38 max-rate 2400 
t38 max-rate 4800 
t38 max-rate 7200 
t38 max-rate 9600 


Syntax Description 





12000 Specifies 12000 baud/bits as fax maximum rate. 
14400 Specifies 14400 baud/bits as fax maximum rate. 
2400 Specifies 2400 baud/bits as fax maximum rate. 
4800 Specifies 4800 baud/bits as fax maximum rate. 
7200 Specifies 7200 baud/bits as fax maximum rate. 
9600 Specifies 9600 baud/bits as fax maximum rate. 


Default Values 





By default, the maximum fax rate is set to 14400. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t88 max-rate to 4800: 


(config)#voice trunk t02 type isdn 
(config-t02)#t38 max-rate 4800 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2417 


Command Reference Guide Voice Trunk ISDN Command Set 





t38 redundancy 


Use the t38 redundancy command to set the number of redundant packets sent when the t38 
error-correction redundancy feature is enabled. Use the no form of this command to return to the default 
value. Variations of this command include: 


t38 redundancy high-speed <va/ue> 
t38 redundancy low-speed <value> 


Syntax Description 





high-speed <value> Specifies the number of redundant T.38 fax packets to be sent for data 
messages (high-speed fax machine image data). Range is 0 (no 
redundancy) to 4 packets. 


low-speed <value> Specifies the number of redundant T.38 fax packets to be sent for the 
signaling messages (low-speed fax machine protocol). Range is 0 (no 
redundancy) to 7 packets. 


Default Values 





By default, high-speed and low-speed redundancy values are set to 0 (no redundancy). 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables t38 error-correction redundancy and sets the number of redundant data 
messages to 3: 


(config)#voice trunk t02 type isdn 
(config-t02)#t38 error-correction redundancy 
(config-t02)#t38 redundancy high-speed 3 
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vad 


Use the vad command to enable voice activity detection (VAD). VAD blocks out noise categorized as 
silence during a voice connection. The silent voice packets are not transmitted, allowing bandwidth usage 
to be reduced. Although VAD saves bandwidth, the quality of the voice call may be compromised. Use the 
no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VAD is enabled for all T1 RBS trunks and users. 





Command History 





Release 9.3 Command was introduced. 
Release 11.1 Command expanded to include the ISDN trunk. 


Usage Examples 





The following example enables voice activation detection on trunk T01: 


(config)#voice trunk t01 type isdn 
(config-t01)#vad 
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VOICE TRUNK SIP COMMAND SET 





To activate the Voice Trunk Session Initiation Protocol (SIP) Interface Configuration mode, enter the 
voice trunk type sip command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#voice trunk t01 type sip 
(config-t01)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


alert-info on page 2422 

authentication username <username> password <password> on page 2423 
busy all on page 2424 

caller-id-override number <number> on page 2425 
check-supported replaces on page 2426 

codec-group <name> on page 2427 
conferencing-uri <value> on page 2428 

dial-string source on page 2429 

domain <name> on page 2430 

match <number> substitute <number> on page 2431 
max-number-calls <value> on page 2432 
outbound-proxy primary on page 2433 
outbound-proxy secondary on page 2434 

register on page 2435 

registrar expire-time <value> on page 2437 
registrar max-concurrent-reg <value> on page 2438 
registrar primary <value> on page 2439 

registrar require-expires on page 2440 

registrar secondary <value> on page 2441 

registrar threshold on page 2442 


reject-external on page 2443 
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sip-keep-alive on page 2444 
sip-server primary on page 2445 
sip-server secondary on page 2446 


trust-domain on page 2447 
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alert-info 


Use the alert-info command to allow the alert information attribute on incoming and/or outgoing auto 
answer alert information. Use the no form of this command to cancel the setting. Variations of this 
command include: 


alert-info incoming auto-answer 
alert-info outgoing auto-answer 


Syntax Description 





incoming auto-answer Specifies processing incoming ALERT-INFO attribute. 
outgoing auto-answer Specifies allowing the outgoing ALERT-INFO auto-answer attribute. 


Default Values 





By default, both incoming and outgoing auto answer alert information is allowed on the NetVanta 7100 in 
the ALERT-INFO messages. However, both are disabled by default in the [ADs (Total Access 900 Series 
and NetVanta 1335). The IADs will ignore incoming auto answer in the ALERT-INFO messages, and will 
not send the information on outgoing trunks. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 
The following example blocks outgoing alert-info auto-answer attribute on trunk T01: 


(config)#voice trunk t01 type sip 
(config-t01)#alert-info outgoing auto-answer 
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authentication username <username> password <password> 
Use the authentication command to enable authentication security between the Session Initiation Protocol 


(SIP) server and the unit. Each port that registers with the SIP server will use the defined username and 
password. Use the no form of this command to return to default settings. 


Syntax Description 





username <username> Specifies a string to be sent as the user name in authentication. 
password <password> Specifies a string to be sent as the password in authentication. 


Default Values 





By default, authentication is not enabled. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





If all users on the trunk use the same user name/password, enter the user name and password for 
authentication under the trunk. Otherwise, enter authentication information for each user individually in the 
Voice User command set which overrides the setting of this command. Refer to Voice User Configuration 
Command Set on page 2487 for more information. 


Usage Examples 





The following example configures a user name of iaduser and password of totalaccess at the trunk level: 


(config)#voice trunk t01 type sip 
(config-t01)#authentication username iaduser password totalaccess 
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busy all 


Use the busy all command to set all DSOs to busy so that no calls are allowed inbound or outbound. If any 
calls are active at the time this command is issued, the calls will stay active until either party terminates the 
call. Once terminated, the DSOs are busied out. Use the no form of this command to disable this feature. 
Variations of this command include: 


busy all 
busy all now 


Syntax Description 





now Optional. Immediately terminates calls that are active at the time the 
command is issued. 


Default Values 





By default, this command is disabled. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was added to the Voice Trunk SIP command set. 


Usage Examples 





The following example sets all DSOs on trunk T01 to busy and terminates calls that are active at the time 
the command is issued: 


(config)#voice trunk t01 type sip 
(config-t01)#busy all now 
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caller-id-override number <number> 


Use the caller-id-override command to replace the calling party information for this trunk with a specific 
number. This command is used to conceal user’s name and number or to display a different number for 
internal or external caller ID. Use the no form of this command to cancel the setting. Variations of this 
command include: 


caller-id-override emergency-outbound <number> 
caller-id-override number-inbound <number> 
caller-id-override number-inbound <number> if-no-cpn 
caller-id-override number-inbound <number> <trunk id> 


Syntax Description 





<number> Specifies the number to display on caller ID. 

<trunk id> Optional. Specifies the trunk id (Txx) for outbound calls. 
emergency-outbound Specifies the calling party number on outbound emergency calls. 
number-inbound Specifies the calling party number on inbound calls. 

if-no-cpn Optional. Specifies caller ID override only if calling party number is not 


available in the Automatic Number Identifier (ANI). 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 

Release 11.1 Command was expanded to include the ISDN trunk. 

Release 15.1 Command was expanded to include the voice T1 trunks. 
Release 16.1 Command was expanded to include the if-no-cpn subcommand. 


Usage Examples 





The following example sets the caller ID override number on the trunk where the command is issued: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#caller-id-override number 555-8000 
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check-supported replaces 
Use the check-supported replaces command to check all support extensions on outbound messages and 


only send replaces when supported by the far end device. Otherwise, replaces are automatically sent 
regardless of the far end capabilities. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, this command is disabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example sets all DSOs on trunk T01 to busy and terminates calls that are active at the time 
the command is issued: 


(config)#voice trunk t01 type sip 
(config-t01)#check-supported replaces 
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codec-group <name> 


Use the codec-group command to configure the CODEC groups to use for the account. Generally you will 
have three CODEC groups: trunk, user, and fax. You will need to define CODEC lists to specify CODEC 
order (refer to voice codec-list <name> on page 958 for information). You will then use the Voice CODEC 
List Configuration Command Set on page 2252 (a subset of voice codec-list <name> command) to define 
the specific CODEC(s) you want each specific group to use for negotiation. Use the no form of this 
command to return to the default setting. 


Syntax Description 





<name> Specifies the name of the codec-list you previously defined to apply to this 
account. Generally three basic CODEC groups are needed: user, trunk, 
and fax. 


Default Values 





By default, no CODEC groups are assigned to this interface. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





Order is important when creating the CODEC list. The trunk attempts to use the first CODEC in the list to 
negotiate a call. If the first CODEC negotiation is unsuccessful, the trunk uses the second CODEC in the 
list. If this is unsuccessful, the call will fail. For information on defining CODEC groups, refer to 
codec-group <name> on page 2493. 


Usage Examples 





The following example sets the CODEC group to 729only (a CODEC list that has already been 
configured): 


(config)#voice trunk t01 type sip 
(config-t01)#codec-group 729only 
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conferencing-uri <value> 


Use the conferencing-uri command to configure a conference application server URI that controls and 
uniquely identifies a conference. Use the no form of this command to return to default settings. 


Syntax Description 


<value> Specifies the extension or complete URI of the conference application 
server. 


Default Values 





By default, conferencing-uri is not configured. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the conferencing-uri to 0606: 


(config)#voice trunk t01 type sip 
(config-t01)#conferencing-uri 0606 
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dial-string source 


Use the dial-string source command to set the SIP dialing string field of your choice. Use the no form of 
this command to remove the specified setting. Variations of this command include the following: 


dial-string source request-uri 
dial-string source to 


Syntax Description 





request-uri Specifies the Request URI user field as the dialing string source. 
to Specifies the To header field as the dialing string source. 


Default Values 





No default value necessary for this command. 


Command History 


Release 13.1 Command was introduced. 


Usage Examples 





The following example enables the To header user field as the dial-string for this trunk: 


(config)#voice trunk t01 type sip 
(config-t01)#dial-string source to 
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domain <name> 


Use the domain command to configure the assigned domain name for host messages. The domain is an 
unique identifier for the SIP users on the trunk. Use the no form of this command to disable this feature. 


Syntax Description 


<name> Specifies the domain name for the Session Initiation Protocol (SIP) trunk 
commands. 


Default Values 





By default, no domain is configured. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the domain name as home.com: 


(config)#voice trunk t01 type sip 
(config-t01)#domain home.com 
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match <number> substitute <number> 


Use the match substitute command to substitute a different number for the number originally dialed by a 
user. If no match occurs (or no match statements have been entered) the original dialed number is 
propagated without being modified. Use the no form of this command to delete match substitutions. 





You can enter multiple match commands on each trunk. If multiple valid match statements 
‘one exist for a given dialed number, the first rated match is used. Therefore, order of input is 
important. 





Syntax Description 





match <number> Specifies the dialed number you are trying to match. 
substitute <number> Specifies the number to be sent in place of the first argument matched. 


Default Values 





By default, no substitutions are defined. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example attempts to match the dialed number 555-8000 and specifies that number 555-8500 
be sent if no match occurs: 


(config)#voice trunk t01 type sip 
(config-t01)#match 5558000 substitute 5558500 
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max-number-calls <va/ue> 
Use the max-number-calls command to configure the maximum number of calls allowed on this trunk. 


This command is useful in controlling the call usage of the trunk. Use the no form of this command to 
return to default settings. 


Syntax Description 





<value> Specifies the maximum number of calls allowed on this trunk. Range is 1 to 
64 calls. 


Default Values 





By default, no maximum number of calls is specified. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number of calls allowed to 25: 


(config)#voice trunk t01 type sip 
(config-t01)#max-num-calls 25 
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outbound-proxy primary 


Use the outbound-proxy primary command to define the primary name/address of the Session Initiation 
Protocol (SIP) proxy server to which the trunk will send all SIP messages. Use the no form of this 
command to return to default settings. Variations of this command include: 


outbound-proxy primary <value> 

outbound proxy primary <value> tcp 

outbound proxy primary <value> tcp <number> 
outbound-proxy primary <value> udp 
outbound-proxy primary <value> udp <number> 


Syntax Description 





<value> Specifies the fully qualified domain name (FQDN) or IP address of the 
outbound proxy server. 

<number> Specifies the port number. Range is 0 to 65535. 

tcp <number> Optional. Sets the TCP port of the outbound proxy server. 

udp <number> Optional. Sets the UDP port of the outbound proxy server. 


Default Values 
By default, the IP address is set to 0.0.0.0 and the UDP port is set to 5060. 





Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was expanded. 


Functional Notes 





The configured value must resolve to a valid IP address. 


Usage Examples 





The following example sets the outbound proxy server to sip-proxy.adtran.com with a UDP port of 2222: 


(config)#voice trunk t01 type sip 
(config-t01 )#outbound-proxy primary sip-proxy.adtran.com udp 2222 
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outbound-proxy secondary 


Use the outbound-proxy secondary command to define the secondary name/address of the Session 
Initiation Protocol (SIP) proxy server to which the trunk will send all SIP messages. Use the no form of 
this command to return to default settings. Variations of this command include: 


outbound-proxy secondary <value> 

outbound proxy secondary <val/ue> tcp 

outbound proxy secondary <value> tcp <number> 
outbound-proxy secondary <va/ue> udp 
outbound-proxy secondary <value> udp <number> 


Syntax Description 





<value> Specifies the fully qualified domain name (FQDN) or IP address of the 
outbound proxy server. 

<number> Optional. Specifies the port number. Range is 0 to 65535. 

tcp Optional. Sets the TCP port of the outbound proxy server. 

udp Optional. Sets the UDP port of the outbound proxy server. 


Default Values 
By default, the IP address is set to 0.0.0.0 and the UDP port is set to 5060. 





Command History 





Release 15.1 Command was introduced. 


Functional Notes 





The configured value must resolve to a valid IP address. 


Usage Examples 





The following example sets the outbound proxy server to sip-proxy.adtran.com with a UDP port of 2244: 


(config)#voice trunk t01 type sip 
(config-t01)#outbound-proxy secondary sip-proxy.adtran.com udp 2244 
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register 


Use the register command to define the Session Initiation Protocol (SIP) name for registration of the 
authorization name(s) and password(s). Use the no form of this command to remove a registration. 
Variations of this command include the following: 


register <name> 

register <name> auth-name <username> password <word> 

register range <begin> <end> 

register range <begin> <end> auth-name <username> password <word> 

register range <begin> <end> auth-name range <begin> <end> password range <begin> <end> 
register range <begin> <end> auth-name range <begin> <end> password <word> 





When using the range option there must be the same number of elements in each related 


‘woe range. In other words each SIP user in a range must have one authentication name and/or 
one password. 





Syntax Description 





<name> Specifies the name of the SIP trunk to register. 

range <begin> <end> Specifies the beginning and ending of the range to register SIP users, 
authentication names and/or passwords. 

auth-name <username> Optional. Specifies the user name for authentication. 

password <word> Optional. Specifies the password for authentication. 


Default Values 





By default, no registration range is programmed. 


Command History 





Release 12.1 Command was introduced. 
Release 15.1 Command was expanded. 


Functional Notes 





Using the range option reduces the time required to program individual user registration and 
authentication settings. The range configuration options allows multiple users to be configured in one step 
for example: 


register range 2565553000 2565553100 auth-name range Adtran3000 Adtran3100 password range 
adtn3000 adtn3100 


In this example, 100 users in the range (256) 555-3000 to (256) 555-3100 are registered with 
authentication names ranging from Adtran3000 to Adtran3100 and passwords ranging from adtn3000 to 
adtn3100. 
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The user may enter an authentication name range, password range, or both. An error will be returned if the 
provided authentication name and/or password range values are not large enough for the SIP identity 
range provided (i.e., in the example, if the user had entered Adtran3000 Adtran3099 for the authentication 
name range, an error would have been returned because the specified SIP identity range is 100 users (not 
99)). 


Usage Examples 





The following example registers trunk T01 under the name of MainOffice: 


(config)#voice trunk T01 type sip 
(config-t01)#register MainOffice 


The following example sets the authorization name and password range for a group of SIP users: 
(config)#voice trunk T01 type sip 


(config-t01)#register range 2565554000 2565554100 auth-name range Adtran4000 Adtran4100 
password range adtn8000 adtn8100 
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registrar expire-time <value> 


Use the register expire-time command to define the Session Initiation Protocol (SIP) expiration time for 
registration. Use the no form of this command to return to default settings. 


Syntax Description 


<value> Specifies expiration time (in seconds) for a registration. 


Default Values 





By default, no registration expiration time is programmed. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example enables registration expiration time for the SIP trunk: 


(config)#voice trunk t01 type sip 
(config-t01)#register expire-time 
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registrar max-concurrent-reg <value> 
Use the registrar max-concurrent-reg command to control the maximum number of simultaneous 


registrations that are allowed. This value can be adjusted to help eliminate congestion caused by too many 
concurrent registrations. Use the no form of this command to return to the default value. 


Syntax Description 





<value> Specifies the maximum number of concurrent registrations. Valid range 
is 1 to 32 registrations. 


Default Values 





By default, the maximum number of concurrent registrations is set to 32. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example sets the maximum number on concurrent registrations to 12: 


(config)#voice trunk t01 type sip 
(config-t01)#registrar max-concurrent-reg 12 
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registrar primary <value> 


Use the registrar primary command to define the primary Session Initiation Protocol (SIP) registrar fully 
qualified domain name (FQDN) or IP address which is based on the DNS suffix. Use the no form of this 
command to return to the default settings. Variations of this command include: 


registrar primary <value> 

registrar primary <value> tcp 

registrar primary <value> tcp <number> 
registrar primary <va/ue> udp 

registrar primary <va/ue> udp <number> 





Wor An additional subcommand is available. Refer to registrar secondary <value> on page 
244]. 


Syntax Description 





<value> Specifies the FQDN or IP address of the registrar server. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 

<number> Optional. Specifies the port number. Range is 0 to 65535. 

tcp Optional. Sets the TCP port of the registrar server. 

udp Optional. Sets the UDP port of the registrar server. 


Default Values 
By default, the IP address is set to 0.0.0.0 and the UDP port is set to 5060. 


Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was expanded. 


Functional Notes 





This command specifies which trunk will send SIP register messages. The configured value must resolve 
to a valid IP address. 


Usage Examples 





The following example sets the registrar server to as1.adtran.com with a UDP port of 9060: 


(config)#voice trunk t01 type sip 
(config-t01)#registrar primary as1.adtran.com udp 9060 
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registrar require-expires 


Use the register require-expires command to define the Session Initiation Protocol (SIP) expiration time 
for registration. A successful response to a register contains an expires header or the response is considered 
a failure. When disabled, a successful response to does not require an expires header to be considered 
successful. Use the no form of this command to return to default settings. 


Syntax Description 





<value> Specifies expiration time (in seconds) for a response to a registration 
request. 


Default Values 





By default, the registration expiration time is enabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 


The following example disables registration expiration time for the SIP trunk: 


(config)#voice trunk t01 type sip 
(config-t01)#no register require-expires 
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registrar secondary <value> 


Use the registrar secondary command is used to define the secondary Session Initiation Protocol (SIP) 
registrar fully qualified domain name (FQDN) name or IP address which is based on the DNS suffix. Use 
the no form of this command to return to default settings. Variations of this command include: 


registrar secondary <value> 

registrar secondary <value> tcp 

registrar secondary <va/ue> tcp <number> 
registrar secondary <va/ue> udp 

registrar secondary <va/ue> udp <number> 


Syntax Description 





<value> Specifies the FQDN or IP address of the registrar server. IP addresses 
should be expressed in dotted decimal notation (for example, 10.10.10.1). 

<number> Optional. Specifies the port number. Range is 0 to 65535. 

tcp Optional. Sets the TCP port of the registrar server. 

udp Optional. Sets the UDP port of the registrar server. 


Default Values 
By default, the IP address is set to 0.0.0.0 and the UDP port is set to 5060. 





Command History 





Release 15.1 Command was introduced. 


Functional Notes 





This command specifies which trunk will send SIP register messages. The configured value must resolve 
to a valid IP address. 


Usage Examples 





The following example sets the registrar server to as1.adtran.com with a UDP port of 9060: 


(config)#voice trunk t01 type sip 
(config-t01)#registrar secondary as1.adtran.com udp 9060 
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registrar threshold 


Use the registrar threshold command to configure when the SIP trunk registration will be renewed. Use 
the no form of this command to return to the default value. Variations of this command include: 


registrar threshold absolute <va/ue> 
registrar threshold percentage <percent> 


Syntax Description 





absolute <time> Configures an absolute threshold time. This is the time in seconds between 
registrations. Valid range is 30 to 604,800 seconds (1 week). 


percentage <percent> Configures the threshold time as a percentage of the returned valid 
registration time. Valid range is 1 to 90 percent. 


Default Values 





By default, the registrar threshold is set at absolute 300 seconds. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example sets the registrar threshold time at 50 percent of the returned valid registration time: 


(config)#voice trunk t01 type sip 
(config-t01)#registrar threshold percentage 50 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2442 


Command Reference Guide Voice Trunk SIP Command Set 





reject-external 


Use the reject-external command to prevent inbound calls on the trunk from being routed back out of the 
same trunk. Use the no form of this command to return to default settings. 


Syntax Description 


No subcommanads. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





In general, trunks are assigned to the user role, which means they terminate lines from a Telco provider. If 
this is the case, reject-external should be enabled so that inbound calls on the trunk cannot be routed 
back out of the same trunk. If the configuration is poor, inbound long distance calls could be routed back 
out the same trunk, causing the owner of the unit to be charged for long distance calls without his 
knowledge. For network-role trunks and SIP-based trunks, this command should be disabled to allow calls 
to be properly routed in the unit. 


Usage Examples 





The following example activates reject-external: 


(config)#voice trunk t01 type sip 
(config-t01)#reject-external 
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sip-keep-alive 


Use the sip-keep-alive command to configure the type of keep-alive method for this Session Initiation 
Protocol (SIP) trunk. Keep-alive messages must be sent between SIP device and the registrar to keep the 
connected channel open for communication. Use the no form of this command to return to default settings. 
Variations of this command include the following: 


sip-keep-alive info 
sip-keep-alive info <value> 
sip-keep-alive options 
sip-keep-alive options <value> 


Syntax Description 





info Specifies the INFO method to be used for the keep-alives on the trunk. 
options Specifies the OPTIONS method to be used for the keep-alives on the trunk. 
<value> Specifies the amount of time in seconds between the type of SIP keep-alive 


messages being sent during a call. Range is 30 to 3600 seconds. 


Default Values 





By default, this command is not configured. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 
The following example sets the keep-alive method to info: 


(config)#voice trunk t01 type sip 
(config-t01)#sip-keep-alive info 
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sip-server primary 


Use the sip-server primary command to define the primary name/address of the Session Initiation 
Protocol (SIP) server to which the trunk will send call-related SIP messages. Use the no form of this 
command to return to default settings. Variations of this command include: 


sip-server primary <value> 

sip-server primary <va/ue> udp 
sip-server primary <va/ue> udp <number> 
sip-server primary <value> tcp 

sip-server primary <value> tcp <number> 


Syntax Description 





<value> Specifies the fully qualified domain name (FQDN) or IP address of the SIP 
proxy server. IP addresses should be expressed in dotted decimal notation 
(for example, 10.10.10.1). 


<number> Optional. Specifies the port number. Range is 0 to 65535. 
tcp Optional. Sets the TCP port of the registrar server. 
udp Optional. Sets the UDP port of the SIP proxy server. 


Default Values 
By default, the IP address is set to 0.0.0.0 and the UDP port is set to 5060. 





Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was expanded. 


Usage Examples 


The following example sets the SIP proxy server to as1.adtran.com with a UDP port of 9060: 


(config)#voice trunk t01 type sip 
(config-t01)#sip-server primary as1.adtran.com udp 9060 
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sip-server secondary 


Use the sip-server secondary command to define the secondary name/address of the Session Initiation 
Protocol (SIP) server to which the trunk will send call-related SIP messages. Use the no form of this 
command to return to default settings. Variations of this command include: 


sip-server secondary <value> 

sip-server secondary <va/ue> udp 
sip-server secondary <va/ue> udp <number> 
sip-server secondary <va/ue> tcp 

sip-server secondary <va/ue> tcp <number> 


Syntax Description 





<value> Specifies the fully qualified domain name (FQDN) or IP address of the SIP 
proxy server. IP addresses should be expressed in dotted decimal notation 
(for example, 10.10.10.1). 


<number> Optional. Specifies the port number. Range is 0 to 65535. 
tcp Optional. Sets the TCP port of the registrar server. 
udp Optional. Sets the UDP port of the SIP proxy server. 


Default Values 
By default, the IP address is set to 0.0.0.0 and the UDP port is set to 5060. 





Command History 





Release 9.3 Command was introduced. 
Release 15.1 Command was expanded. 


Usage Examples 


The following example sets the SIP proxy server to as1.adtran.com with a UDP port of 9070: 


(config)#voice trunk t01 type sip 
(config-t01)#sip-server secondary as1.adtran.com tcp 9070 
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trust-domain 


Use the trust-domain command to add security measures for users’ identity and privacy by connecting the 
trunk to a trusted domain. Using the trusted domain adds another level of privacy from participating 
service providers. The system supports RFC 3323 and RFC 3325. Use the no form of this command to 
return to default settings. Variations of this command include the following: 


trust-domain 
trust-domain p-asserted-identity-required 


Syntax Description 





p-asserted-identity-required Requires the use of P-Asserted-Identity SIP privacy for this trusted 
domain. 


Default Values 





By default, the trust-domain is disabled. 


Command History 





Release 13.1 Command was introduced. 


Usage Examples 





The following example enables the trust-domain: 


(config)#voice trunk t01 type sip 
(config-t01)#trust domain 
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VOICE TRUNK T1 COMMAND SET 


To activate the Voice Trunk T1 Interface Configuration mode, enter the following command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#voice trunk t01 
(config-t01)# 


To activate the Voice Trunk T1 Feature Group D (FGD) Interface Configuration mode, enter the following 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice trunk t01 type t1-rbs supervision fgd role user 
(config-t01)# 


To activate the Voice Trunk Ground Start (GS) User Interface Configuration mode, enter the following 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice trunk t01 type t1-rbs supervision ground-start role user 
(config-t01)# 


To activate the Voice Trunk Loop Start (LS) User Interface Configuration mode, enter the following 
command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice trunk t01 type t1-rbs supervision loop-start role user 
(config-t01)# 


To activate the Voice Trunk T1 Tie Trunk (TIE) Feature Group D (FGD) Interface Configuration mode, 
enter the following command at the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice trunk t01 type t1-rbs supervision tie-fgd 
(config-t01)# 
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To activate the Voice Trunk T1 Wink Interface Configuration mode, enter the following command at the 
Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice trunk t01 type t1-rbs supervision wink role [network | user] 
(config-t01)# 


To activate the Voice Trunk T1 Immediate Interface Configuration mode, enter the following command at 
the Global Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#voice trunk t01 type t1-rbs supervision immediate role [network | user] 
(config-t01)# 





Not all Trunk Tl commands apply to all T1 trunk types. Use the ? command to display a 
‘one list of valid commands. 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


alc on page 2451 

blind-dial on page 2452 

busy all on page 2453 

busy tl <slot/port> tdm-group <number> on page 2454 
caller-id on page 2455 

caller-id-override on page 2456 

codec-group <name> on page 2457 

connect tl <slot/port> tdm-group <number> on page 2458 
dialtone on page 2459 

did digits-transferred on page 2460 

dnis-digits <value> prefix <number> on page 2461 
early-cut-through on page 2462 


echo-cancellation on page 2463 
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match <number> substitute <number> on page 2464 
modem-passthrough on page 2465 

nls on page 2466 

plc on page 2467 

reject-external on page 2468 
resource-selection on page 2469 

rtp delay-mode on page 2470 

rtp dtmf-relay on page 2471 

rtp frame-packetization <value> on page 2472 
rtp packet-delay on page 2473 

rtp gos dscp <value> on page 2474 
treat-inbound-as-internal on page 2475 
trunk-number <number> on page 2476 
138 on page 2478 

138 error-correction on page 2479 

138 fallback-mode on page 2480 

138 max-buffer <buffer size> on page 2481 
138 max-datagram <value> on page 2482 
138 max-rate on page 2483 

138 redundancy on page 2454 

tx-ani on page 2485 

vad on page 2456 
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alc 
Use the ale command to enable auto level control (ALC). ALC reduces RTP received signals that are out 


of specification to the predefined levels. It is not necessary to enable ALC on those networks that 
guarantee signal levels to be within specification. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 14.1 Command was introduced. 
Release 15.1 Command was added to the Voice Trunk T1 command set. 


Usage Examples 





The following example activates the ALC: 


(config)#voice trunk t02 type t1-rbs supervision loop-start role user 
(config-t01)#alc 
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blind-dial 


Use the blind dial command to allow calls to be placed without the presence of dial-tone. Use the no form 


of this command to disable blind dialing. 


Syntax Description 


No subcommanads. 


Default Values 





By default, blind-dial is disabled. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example enables blind dialing: 


(config)#voice trunk t01 type analog supervision loop-start 
(config-t01)#blind-dial 
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busy all 


Use the busy all command to set all DSOs to busy so that no calls are allowed inbound or outbound. If any 
calls are active at the time this command is issued, the calls will stay active until either party terminates the 
call. Once terminated, the DSOs are busied out. Use the no form of this command to disable this feature. 
Variations of this command include: 


busy all 
busy all now 


Syntax Description 





now Optional. Immediately terminates calls that are active at the time the 
command is issued. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets all DSOs on trunk T01 to busy and terminates calls that are active at the time 
the command is issued: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#busy all now 
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busy t1 <s/ot/port> tdm-group <number> 


Use the busy t1 tdm-group command to set a particular set of DSOs (defined in a TDM group) to busy so 
that no calls are allowed inbound or outbound the interface. If any calls are active at the time this command 
is issued, the calls will stay active until either party terminates the call. Once terminated, the DSOs are set 
to busy. Use the no form of this command to disable this feature. Variations of this command include: 


busy t1 <s/ot/port> tdm-group <number> 
busy t1 <s/ot/port> tdm-group <number> now 


Syntax Description 





<slot/port> Specifies the slot/port for the T1. 
<number> Specifies the TDM group ID number. 
now Optional. Terminates calls that are active at the time the command is issued 


(for example, in the middle of a conservation). 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets DSOs in TDM group 2 to busy and terminates calls that are active when the 
command is issued: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#busy t1 0/1 tdm-group 2 now 
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caller-id 
Use the caller-id number command to interpret and pass caller identification (ID) on this trunk. This 


information usually displays the name, number, time and date of the calling party. Use the no form of this 
command to cancel the setting. 


Syntax Description 





No subcommanas. 


Default Values 





By default, caller ID is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables caller ID: 


(config)#voice trunk t01 type t1-rbs supervision fgd role user 
(config-t01)#caller-id 
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caller-id-override 


Use the caller-id-override command to replace the calling party information for this trunk with a specific 
number. This command is used to conceal user’s name and number or to display a different name and 
number for internal or external caller ID. Use the no form of this command to cancel the setting. Variations 
of this command include: 


caller-id-override emergency-outbound <number> 
caller-id-override number-inbound <number> 
caller-id-override number-inbound <number> if-no-cpn 
caller-id-override number-inbound <number> <trunk id> 


Syntax Description 





<number> Specifies the number to display on caller ID. 

<trunk id> Optional. Specifies the trunk id (Txx) for outbound calls. 
emergency-outbound Specifies the calling party number on outbound emergency calls. 
number-inbound Specifies the calling party number on inbound calls. 

if-no-cpn Optional. Specifies caller ID override only if calling party number is not 


available in the Automatic Number Identifier (ANI). 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 

Release 11.1 Command was expanded to include the ISDN trunk. 

Release 15.1 Command was expanded to include the voice T1 trunks. 
Release 16.1 Command was expanded to include the if-no-cpn subcommand. 


Usage Examples 





The following example sets the caller ID override number on the trunk where the command is issued: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#caller-id-override number 555-8000 
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codec-group <name> 


Use the codec-group command to configure the CODEC groups to use for the account. Generally you will 
have three CODEC groups: trunk, user, and fax. You will need to define a CODEC list to control the 
primary and secondary use of the available CODECs in your network for negotiation. Refer to the Voice 
CODEC List Configuration Command Set on page 2252 to define the specific order of the CODECs. Use 
the no form of this command to return to the default setting. 


Syntax Description 





<name> Specifies the name of the codec-list you previously defined to apply yo this 
account. Generally three basic CODEC groups are needed: user, trunk, 
and fax. 


Default Values 





By default, no CODEC groups are assigned to this interface. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





Order is important when creating the CODEC list. The trunk attempts to use the first CODEC in the list to 
negotiate a call. If the first CODEC negotiation is unsuccessful, the trunk uses the second CODEC in the 
list. If this is unsuccessful, the call will fail. 


Usage Examples 





The following example associates the CODEC group named user with this trunk: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#codec-group user 
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connect t1 <s/ot/port> tdm-group <number> 
Use the connect t1 tdm-group command to specify the physical interfaces this trunk group will use for 


voice connections. Refer to tdm-group <number> on page 1296 for more information on creating TDM 
groups. Use the no form of this command to remove this association. 


Syntax Description 





<slot/port> Specifies the slot/port for the T1. 
<number> Specifies the TDM group ID number. 


Default Values 





By default, no physical interface is assigned. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example specifies that this trunk will use the DSOs in TDM group 3 (on T1 interface 0/1): 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#connect t1 0/1 tdm-group 3 
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dialtone 


Use the dialtone command to enable dialtone generation. Use the no form of this command to disable this 
feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the dialtone is enabled. 


Command History 





Release 15.1 Command was introduced. 


Usage Examples 





The following example disables dialtone on trunk T01: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#no dialtone 
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did digits-transferred 


Use the did digits-transferred command to define how many of the received digits should be sent to the 
internal switchboard from an incoming call on a User Role Trunk. The number of digits transferred are the 
least significant digits received. Direct Inward Dialing (DID) should be used if a Telco provider is 
providing digits to the unit on inbound calls or if the unit needs to provide DID information to a piece of 
CPE equipment. Use the no form of this command to disable this feature. Variations of this command 
include: 


did digits-transferred <value> 
did digits-transferred <va/ue> prefix <number> 


Syntax Description 





<value> Specifies the number of digits to be transferred. Range is 1 to 16 digits. 


prefix <number> Optional. Specifies a sequence of digits to be prepended to the digits that 
will be transmitted. For example, if seven digits will be transferred via DID, 
then prefix the seven digits with 256. Thus 555-8000 would be prefixed 
with 256, transmitting out the string of digits 256-555-8000. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





User Role Example: 


555-1000 is an incoming call on the trunk. With did digits-transferred <va/ue> set to 4, the number 1000 
will be sent to the switchboard. On a network role trunk, the did digits-transferred command allows you to 
define how many of the digits from the Accept criteria should be sent externally from a call that was routed 
by the switchboard. The number of digits transferred are the least significant digits received. 


Network Role Example: 


555-1000 is accepted on the UT interface. With did digits-transferred <va/ue> set to 4, the number of 
1000 will be sent to the device connected to the UT interface. This command cannot be specified if and 
when trunk-number is being used. Conversely, if DID is used, trunk-number will not be allowed. 


Usage Examples 





The following example transfers the digits 555-8000 and adds the prefix 256: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#did digits-transferred 5558000 prefix 256 
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dnis-digits <va/ue> prefix <number> 


Use the dnis-digits prefix command to program the number of digits to be transferred inbound on the 
specific trunk. Use the no form of this command to cancel the setting. 


Syntax Description 


<value> Specifies the number of digits to be transferred. 
<number> Specifies the number prefix to prepend to the transferred digits. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example sets the number of transferred DNIS digits to 4 on trunk T01 and sets the prefix 
555: 


(config)#voice trunk t01 type t1-rbs supervision fgd role user 
(config-t01)#dnis-digits 4 prefix 555 
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early-cut-through 


Use the early-cut-through command to provide the caller with inband ringback and other call progress 
signals. This command should not be issued if the connected equipment does not provide inband ringback 
and other call progress signals. This option is only valid for voice trunks in the network role. Use the no 
form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, early-cut-through is disabled. 


Command History 





Release A1 Command was introduced. 


Usage Examples 





The following example activates early-cut-through: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#early-cut-through 
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echo-cancellation 


Use the echo-cancellation command to improve voice quality for packetized-based voice calls such as 
voice over IP (VoIP) or Media Gateway Control Protocol (MGCP). Use the no form of this command to 


disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, echo-cancellation is enabled. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example activates echo-cancellation: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#echo-cancellation 
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match <number> substitute <number> 


Use the match substitute command to substitute a different number for the number originally dialed by a 
user of the system. If no match occurs (or no match statements have been entered) the original dialed 
number will be propagated without being modified. Use the no form of this command to delete match 
substitutions. 





You can enter multiple match commands on each trunk. The first valid match that is found 
‘wore for outbound numbers will be used in configurations where more than one match statement 
is valid for a given dialed number. Therefore, order of input is important. 





Syntax Description 





match <number> Specifies the dialed number that you are trying to match. 
substitute <number> Specifies the number that will be sent in place of the number that was 
matched. 


Default Values 





By default, no substitutions are defined. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 


The following example attempts to match the dialed number 555-8000 and specifies that number 555-8500 
will be sent if no match occurs: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#match 5558000 substitute 5558500 
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modem-passthrough 


Use the modem-passthrough command to switch to pass-through mode on fax or modem tone detection. 
This command allows modem and fax calls to maintain a connection without altering the signals with the 
voice improvement settings such as echo cancellation and voice activity detection (vad). Use the no form 
of this command to disable this feature. Variations of this command include: 


modem-passthrough 
modem-passthrough detection-time <va/ue> 


Syntax Description 





detection-time <value> Optional. Specifies the fax and/or modem detection time length value in 
seconds. Range is 0 to 8 seconds. 


Default Values 





By default, modem-passthrough is enabled. 


Command History 





Release 11.1 Command was introduced. 
Release 12.1 Command was expanded. 


Usage Examples 





The following example disables modem-passthrough: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#no modem-passthrough 
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nis 


Use the nls command to enable the non-linear suppression (NLS) option for the user. This option sets the 
echo canceller to reduce acoustic echo. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 14.1 Command was introduced. 
Release 15.1 Command was added to the Voice Trunk T1 command set. 


Usage Examples 





The following example enables NLS on trunk T01: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#nIs 
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plc 


Use the ple command to enable packet loss concealment (PLC). PLC is used to prevent choppy 


connections by concealing a packet loss by replacing the lost packet with another voice packet in the data 


stream. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, PLC is enabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example disables PLC on trunk T01: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#no plc 
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reject-external 


Use the reject-external command to prevent inbound calls on the trunk from being routed back out of the 
same trunk. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





By default, reject-external is enabled on this interface. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





In general, trunks are assigned to the user role, which means they terminate lines from a Telco provider. If 
this is the case, reject-external should be enabled so that inbound calls on the trunk cannot be routed 
back out of the same trunk. If the configuration is poor, inbound long distance calls could be routed back 
out the same trunk, causing the owner of the unit to be charged for long distance calls without his 
knowledge. For network-role trunks and SIP-based trunks, this command should be disabled to allow calls 
to be properly routed in the unit. 


Usage Examples 





The following example disables reject-external: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#no reject-external 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2468 


Command Reference Guide Voice Trunk T1 Command Set 





resource-selection 


Use the resource-selection command to determine how the switchboard uses outbound call resources 
contained within a TDM-based trunk group. Use the no form of this command to disable this feature. 
Variations of this command include: 


resource-selection circular 
resource-selection circular ascending 
resource-selection circular descending 
resource-selection linear 
resource-selection linear ascending 
resource-selection linear descending 


Syntax Description 





circular Performs call load balancing among available DSOs/B-channels in this 
trunk. Subsequent calls will be delivered to the next available 
DS0/B-channel in a round-robin fashion. 


linear Specifies that a call being delivered to this trunk will be accepted out the first 
available DSO/B-channel available at the time the call is received. 

ascending Optional. Distributes calls in an order from the lowest to the highest channel 
(DSO 1, 2, 3 through 24). 

descending Optional. Distributes calls in an order from the highest to the lowest channel 


(DSO 24, 23, 22 through 1). 


Default Values 





By default, resource selection is set to linear. 


Command History 





Release 9.3 Command was introduced. 
Release 13.1 Command was expanded to include the ascending and descending 
subcommands. 


Usage Examples 





The following example specifies circular resource selection: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#resource-selection circular 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2469 


Command Reference Guide Voice Trunk T1 Command Set 





rtp delay-mode 


Use the rtp delay-mode command to configure the Realtime Transport Protocol (RTP) jitter buffer packet 
delay mode settings. RTP is used to prevent static on voice connections by enhancing the quality of the 
packet delivery. Use the no form of this command to return to the default settings. Variations of this 
command include: 


rtp delay-mode adaptive 
rtp delay-mode fixed 


Syntax Description 





adaptive Configures the RTP jitter buffer packet delay to adjust during a call based 
on network conditions. 


fixed Configures the RTP jitter buffer packet delay to remain constant. 


Default Values 


By default, the RTP delay mode is set to adaptive. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures RTP delay mode as fixed: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#rtp delay-mode fixed 
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rtp dtmf-relay 


Use the rtp dtmf-relay command to configure the method by which Realtime Transport Protocol (RTP) 
Dual Tone Multi-Frequency (DTMF) events are relayed. The dial digits can be sent inband or out-of-band 
of the voice stream. Use the no form of this command to return to the default value. Variations of this 
command include: 


rtp dtmf-relay inband 
rtp dtmf-relay nte <va/ue> 


Syntax Description 


inband Specifies that RTP DTMF events be relayed inband in the RTP stream. 


nte <value> Specifies that RTP DTMF events be relayed out-of-band using NTE. Enter 
an NTE value between 96 and 127. 





Default Values 
By default, the rtp dtmf-relay is set for NTE 101. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example configures RTP DTMF relay events for inband: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#rtp dtmf-relay inband 
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rtp frame-packetization <value> 
Use the rtp frame-packetization command to configure the Realtime Transport Protocol (RTP) frame 


packetization time in milliseconds for individual trunks and users. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Configures the RTP frame packetization time value in milliseconds. Select 
from 10, 20, or 30 milliseconds. 


Default Values 





By default, the rtp frame-packetization time is set to 20 milliseconds on all trunks and users. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets the frame packetization time for trunk TO1 to 10 milliseconds: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#rtp frame-packetization 10 
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rtp packet-delay 


Use the rtp packet-delay command to configure the maximum Realtime Transport Protocol (RTP) packet 
delays. This command is used to set the allowable limits of latency on the network. Use the no form of this 
command to return to default values. Variations of this command include: 


rtp packet-delay fax <va/ue> 
rtp packet-delay maximum <value> 
rtp packet-delay nominal <value> 


Syntax Description 





fax <value> Sets the fax delay time value. Range is 0 to 500 milliseconds. 


maximum <value> Sets the maximum delay time value in increments of 10 milliseconds. 
Range is 40 to 320 milliseconds. 


nominal <value> Sets the nominal delay time value in increments of 10 milliseconds. Range 
is 10 to 240 milliseconds. 


Default Values 





By default, the RTP packet delay for fax is 300, maximum is 100, and nominal is 50. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example configures the RTP fax delay time on trunk T01 to 200 milliseconds: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#rtp packet-delay fax 200 
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rtp qos dscp <value> 
Use the rtp qos dscp command to configure the maximum Realtime Transport Protocol (RTP) quality of 


service (QoS) parameters for differentiated services code point (DSCP). Use the no form of this command 
to return to default values. 


Syntax Description 





<value> Configures the RTP QoS parameter for DSCP. Enter a value between 
10 and 63. 


Default Values 
By default, no RTP QoS DSCP is configured for this interface. 





Command History 





Release 9.3 Command was introduced. 


Functional Note 


By setting the rtp qos dscp value on an individual trunk or user, you will override the global rtp qos dscp 
setting for RTP packets. QoS is set using a Differentiated Services Code Point, or DSCP value. Valid 
DSCP values are 10-63, and a higher DSCP value has a higher priority. The default DSCP value for RTP is 
46. Remember that if you are using a public IP connection, such as the Internet, for voice over IP, 
end-to-end QoS may not be guaranteed. The default DSCP value for SIP is 26. To configure QoS for the 
RTP traffic that carries the voice conversation, use the command, ip rtp qos dscp followed by the desired 
DSCP value. 


Usage Examples 
The following example configures the RTP QoS DSCP for trunk T01 to 46: 





(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#rtp qos dscp 46 
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treat-inbound-as-internal 


Use the treat-inbound-as-internal command to make incoming trunk calls appear as internal calls. Use 
the no form of this command to cancel the setting. 


Syntax Description 


No subcommanads. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example configures the unit to treat inbound calls on trunk T03 as internal calls: 


(config)#voice trunk t03 type t1-rbs supervision tie-fgd role user 
(config-t03)#treat-inbound-as-internal 
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trunk-number <number> 


Use the trunk number command to define the call routing when DID is disabled. This feature directs 
incoming calls to the specified number when DID is not present. This command also allows users to 
activate different system modes of operation that redirect incoming calls to a different number depending 
on the specified mode. Use the no form of this command to disable this feature. Variations of this 
command include: 


trunk-number <number> 
trunk-number custom1 <number> 
trunk-number custom1 no-number 
trunk-number custom2 <number> 
trunk-number custom2 no-number 
trunk-number custom3 <number> 
trunk-number custom3 no-number 
trunk-number lunch <number> 
trunk-number lunch no-number 
trunk-number night <number> 
trunk-number night no-number 
trunk-number no-number 
trunk-number override <number> 
trunk-number override no-number 
trunk-number weekend <number> 
trunk-number weekend no-number 


Syntax Description 





<number> Specifies the number used for call routing when DID is disabled. 
custom 1 - custom3 Specifies the custom mode to use. 

lunch Specifies the lunch-time mode. 

night Specifies the night-time mode. 

no-number Specifies no inbound calls are allowed on this trunk. 

override Specifies the override mode. 

weekend Specifies the weekend mode. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 
Release 15.1 Command was added to the FGD Trunk options. 
Release 16.1 Command was expanded to included new subcommands. 
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Usage Examples 





The following example defines call routing on trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#trunk-number 4000 
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138 


Use the t38 command to enable T.38 fax operation. Use the no form of this command to disable this 
feature. 





operation to work. 


Wor The modem-passthrough command (refer to page 2465) must be enabled for T.38 





Syntax Description 





No subcommanas. 


Default Values 
By default, T.38 is disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables T.38 for Trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#t38 


Technology Review 


T.38 is an International Telecommunication Union (ITU) specification that allows Group-3 Fax (T.30) data to 
be transported over the Internet. It is similar to dual tone multi-frequency (DTMF) relay (RFC 2833) in that 
the digital signal processor (DSP) decodes tones and demodulated fax data and converts them into 
packets. A similar device on the other end takes the packets/tones and remodulates them so that an 
analog fax machine on the other end can receive the fax. AOS’s previous support (revision 12 through 15) 
for fax/modem signals was simply detecting a tone and forcing the CODEC into G.711 and 
disabling/enabling echo cancellers based on the tones detected. When packet loss becomes high, sending 
faxes over G711 becomes problematic, due to dropped messages and timeouts/retrains. 


T.38 can be used in conjunction with various call-control schemes such as H.323, SIP, and Media Gateway 
Control Protocol (MGCP). AOS only supports SIP as the call-control method. This is typically referred to 
T.38/Annex-D. Annex-D describes the Session Initiation Protocol/Session Description Protocol (SIP/SDP) 
call establishment procedures. 
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38 error-correction 


Use the t38 error-correction command to specify the type of fax error correction. Use the no form of this 
command to disable this feature. Variations of this command include: 


t38 error-correction fec 
t38 error-correction redundancy 


Syntax Description 





fec Specifies forward error correction (FEC) as the fax error correction. FEC is 
a system of error control where the sender adds redundant data to its 
messages allowing the receiver to detect and correct errors (within certain 
bounds) without the need to request additional data from the sender. 


redundancy Specifies redundancy as the fax error correction. Redundancy error 
correction replicates the payload a user-specified number of times to 
determine if errors are present. The number of redundant packets is set 
using the t88 redundancy command (refer to page 2484). 


Default Values 





By default, t38 error-correction is set to redundancy. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t38 error-correction to fec for user Trunk T03: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)# error-correction fec 
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t38 fallback-mode 


Use the t38 fallback-mode command to specify the transmission mode used when T.38 fax relay cannot 
be successfully negotiated at the time of the fax transfer. Use the no form of this command to disable this 
feature. Variations of this command include: 


138 fallback-mode fail488 
138 fallback-mode fail606 
t38 fallback-mode g711 


Syntax Description 





fail488 Specifies using the fail488 SIP error message. 
fail606 Specifies using the fail606 SIP error message. 
g711 Specifies that fax operation revert back to analog mode (G.711). 


Default Values 





By default, t38 fallback-mode is set to g711. 


Command History 


Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t38 fallback-mode to fail606 for Trunk T01: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)t38 fallback-mode fail606 
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138 max-buffer <buffer size> 


Use the t38 max-buffer command to set the maximum buffer size for T.38 fax operation. Use the no form 
of this command to return to the default value. 


Syntax Description 


<buffer-size> Specifies the maximum number of bytes that can be received before an 
overflow condition occurs. Range is 0 to 400 bytes. 


Default Values 





By default, the maximum buffer size is set to 200. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t88 max-buffer to 100 for Trunk T01: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)t38 max-buffer 100 
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t38 max-datagram <value> 


Use the t38 max-datagram command to set the maximum datagram value in this unit. Use the no form of 
this command to return to the default value. 


Syntax Description 


<value> Specifies the maximum number of bytes a User Datagram Protocol 
Transport Layer (UDPTL) packet can be that can be received. Range is 0 to 
300 bytes. 


Default Values 





By default, the maximum datagram value is set to 75. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t88 max-datagram to 100 for Trunk T01: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)t38 max-datagram 100 
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138 max-rate 


Use the t38 max-rate command to specify the fax maximum rate. The actual transmission rate may be 
lower than specified rate if the receiving end cannot support the maximum rate. Use the no form of this 
command to return to the default value. Variations of this command include: 


t38 max-rate 12000 
t38 max-rate 14400 
t38 max-rate 2400 
t38 max-rate 4800 
t38 max-rate 7200 
t38 max-rate 9600 


Syntax Description 





12000 Specifies 12000 baud/bits as fax maximum rate. 
14400 Specifies 14400 baud/bits as fax maximum rate. 
2400 Specifies 2400 baud/bits as fax maximum rate. 
4800 Specifies 4800 baud/bits as fax maximum rate. 
7200 Specifies 7200 baud/bits as fax maximum rate. 
9600 Specifies 9600 baud/bits as fax maximum rate. 


Default Values 





By default, the maximum fax rate is set to 14400. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example set the t88 max-rate to 4800 for Trunk T01: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)t38 max-rate 4800 
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t38 redundancy 


Use the t38 redundancy command to set the number of redundant packets sent when the t38 


error-correction redundancy feature is enabled. Use the no form of this command to return to the default 


value. Variations of this command include: 


t38 redundancy high-speed <va/ue> 
t38 redundancy low-speed <value> 


Syntax Description 





high-speed <value> Specifies the number of redundant T.38 fax packets to be sent for data 
messages (high-speed fax machine image data). Range is 0 (no 
redundancy) to 4 packets. 


low-speed <value> Specifies the number of redundant T.38 fax packets to be sent for the 
signaling messages (low-speed fax machine protocol). Range is 0 (no 
redundancy) to 7 packets. 


Default Values 





By default, high-speed and low-speed redundancy values are set to 0 (no redundancy). 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables t38 error-correction redundancy and sets the number of redundant data 


messages to 3 for Trunk T01: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#t38 error-correction redundancy 
(config-t01)#t38 redundancy high-speed 3 
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tx-ani 


Use the tx-ani command to transmit Automatic Number Identification (AND) (calling-party number) and 
Dialed Number Identification Service (DNIS) (called-party number) for outbound Feature Group D (FGD) 
calls. This command is only valid on a trunk configured for FGD supervision. Use the no form of this 
command to cancel the setting. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 15.1 Command was added to the FGD command set. 


Usage Examples 





The following example configures the system to transmit ANI/DNIS information on the outbound FGD 
trunk: 


(config)#voice trunk t03 type t1-rbs supervision fgd role user 
(config-t03)#tx-ani 
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vad 


Use the vad command to enable voice activity detection (VAD). VAD blocks out noise categorized as 
silence during a voice connection. The silent voice packets are not transmitted, allowing bandwidth usage 
to be reduced. Although VAD saves bandwidth, the quality of the voice call may be compromised. Use the 
no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 
By default, VAD is enabled for all T1 RBS trunks and users. 





Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example disables VAD on trunk T01: 


(config)#voice trunk t01 type t1-rbs supervision wink role network 
(config-t01)#no vad 
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VoICE USER CONFIGURATION COMMAND SET 


To activate the Voice User Configuration mode, enter the voice user command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#voice user 4444 
(config-4444)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


alias “<text>” on page 44 
cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


alc on page 2489 

block-caller-id on page 2490 
caller-id-override on page 249] 
call-waiting on page 2492 
codec-group <name> on page 2493 
connect on page 2494 

cos on page 2495 

coverage on page 2497 

did <number> on page 2499 
directory-include on page 2500 
dnd on page 2501 

door-phone on page 2502 
echo-cancellation on page 2503 
email <address> on page 2504 
email-secondary <address> on page 2505 
first-name <name> on page 2506 
forward <number> on page 2507 
forward-disconnect on page 2508 
fwd-courtesy on page 2509 

hotel on page 2510 
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hotline <number> on page 2511 
last-name <name> on page 2512 
message-waiting on page 2513 
modem-passthrough on page 2514 

nls on page 2515 

notify email on page 2516 

num-rings on page 2517 

password <password> on page 2519 

plc on page 2520 

rtp delay-mode on page 2521 

rtp dtmf-relay on page 2522 

rtp frame-packetization <value> on page 2523 
rtp packet-delay on page 2524 

rtp gos dscp <value> on page 2525 

show voice mail on page 2526 
sip-identity on page 2528 
special-ring-cadences on page 2529 
speed-dial <number> on page 2530 
station-lock on page 2531 

138 on page 2532 

138 error-correction on page 2533 

138 fallback-mode on page 2534 

138 max-buffer <buffer size> on page 2535 
138 max-datagram <value> on page 2536 
138 max-rate on page 2537 

138 redundancy on page 2538 

vad on page 2539 


voicemail on page 2540 
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alc 


Use the ale command to enable auto level control (ALC). ALC reduces RTP received signals that are out 


of specification to the predefined levels. It is not necessary to enable ALC on those networks that 


guarantee signal levels to be within specification. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example activates the ALC for user 4444: 


(config)#voice user 4444 
(contig-4444)#alc 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


2489 


Command Reference Guide Voice User Configuration Command Set 





block-caller-id 
Use the block-caller-id command to block all inbound caller ID delivery to this user. This command 


prevents the selected user from receiving caller ID information. Use the no form of this command to 
disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example activates the block-called-id command for user 4444: 


(config)#voice user 4444 
(config-4444)#block-caller-id 
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caller-id-override 


Use the caller-id-override command to manipulate caller ID information for the user. This command is 
used to conceal user’s name and number or to display a different name and number for internal or external 
caller ID. Use the no form of this command to disable this feature. Variations of this command include: 


caller-id-override external number <number> 
caller-id-override internal-name empty 
caller-id-override internal-name <name> 
caller-id-override internal-number empty 
caller-id-override internal-number <number> 


Syntax Description 





external-number <number> Replaces the caller ID number on external calls with the specified number. 


internal-name Replaces the caller ID name on internal calls. 

<name> Inserts this name for caller ID for internal calls. 

internal-number Replaces caller ID number on internal calls. 

<number> Inserts this number for caller ID for internal calls. 

empty Makes the caller ID name or number on internal calls display as blank. 


Default Values 


No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example activates the caller-id-override command for external numbers for user 4444: 
(config)#voice user 4444 

(config-4444)#caller-id-override external-number 256-555-8000 

This examples actives the caller-id-override command for names with internal calls and makes the 
display appear blank: 


(config)#voice user 4444 
(config-4444)#caller-id-override internal-number empty 
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call-waiting 


Use the call waiting command to enable call waiting for a user. The selected user will be allowed to 
receive caller ID information. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example activates the call-waiting command for user 4444: 


(config)#voice user 4444 
(config-4444)#call-waiting 
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codec-group <name> 


Use the codec-group command to configure the CODEC groups to use for the account. Generally you will 
have three CODEC groups: trunk, user, and fax. You will need to define a CODEC list to control the 
primary and secondary use of the available CODECs in your network for negotiation. Refer to the Voice 
CODEC List Configuration Command Set on page 2252 to define the specific order of the CODECs. Use 
the no form of this command to return to the default setting. 


Syntax Description 





<name> Specifies the name of the codec-list you previously defined to apply yo this 
account. Generally three basic CODEC groups are needed: user, trunk, 
and fax. 


Default Values 





By default, no CODEC groups are assigned to this interface. 


Command History 





Release 9.3 Command was introduced. 


Functional Notes 





Order is important when creating the CODEC list. The trunk attempts to use the first CODEC in the list to 
negotiate a call. If the first CODEC negotiation is unsuccessful, the trunk uses the second CODEC in the 
list. If this is unsuccessful, the call will fail. 


Usage Examples 





The following example activates the CODEC group with the name trunk: 


(config)#voice user 4444 
(config-4444)#codec-group Trunk 
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connect 


Use the connect command to associate physical ports with the user. This commands assigns a specific 
station or port type to the user. Use the no form of this command to remove associations. Variations of this 
command include: 


connect fxs <s/ot/port> 
connect sip 


Syntax Description 





fxs <slot/port> Specifies that an FXS port is associated with the user. 
sip Specifies that this is a SIP user. 


Default Values 





By default, users are not associated with physical ports. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example associates the physical FXS slot 1/port 1 interface with the user 4444: 
(config)#voice user 4444 

(config-4444)#connect fxs 1/1 

The following example associates a SIP port with the user 4444. 


(config)#voice user 4444 
(contig-4444)#connect sip 
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Cos 


Use the cos command to set class-of-service (CoS) mode for the user. The CoS can be set to change for the 
user based on the current system mode by including the system mode parameter. The CoS defines the types 
of phone service that will be available to the user during the time period. Use the no form of this command 
to disable this feature. Variations of this command include: 


cos <name> 
cos [<system mode>] <name> 
cos no-access 

cos [<system mode>] no-access 
cos override <name> 

cos override no-access 


Syntax Description 





<name> Specifies the predefined CoS. 


<system mode> Optional. Specifies the system mode to configure. Choose from custom1, 
custom2, custom3, lunch, night, or weekend. Refer to the Functional 
Notes of this command for more information on configuring system modes. 


no-access Blocks users from placing calls when the CoS is applied. 
override Ignores the programmed system mode schedule. 


Default Values 





By default, the CoS is set to no-access. 


Command History 





Release 9.3 Command was introduced. 
Release A1 Command was expanded to include the system mode options. 


Functional Notes 


Additional functionality for this feature is provided by assigning a CoS to a specific system mode. When the 
system mode changes at a trigger point, the user’s CoS changes. 


For example, a CoS applied to the user when the system mode is specified as night can be used to 
prevent outbound calls during evening hours. System modes are defined from the Global Configuration 
mode using the command voice system-mode on page 996. 


Usage Examples 





The following example specifies the CoS Assistant for the user 4444. 


(config)#voice user 4444 
(config-4444)#cos Assistant 
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The following example configures the user’s CoS to change to general when the system mode changes to 
night. 


(config)#voice user 4444 
(config-4444)#cos night general 
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coverage 


Use the coverage command to configure call coverage parameters for the user. The call coverage setting 
determines how a call is handled if the party dialed does not answer after a specified number of rings. Use 
the no form of this command to remove an individual coverage parameter. Variations of this command 
include: 


coverage aa 
coverage aa <number> 

coverage global <name> 

coverage internal <number> 

coverage internal <number> num-rings <value> 
coverage operator 

coverage operator num-rings <value> 

coverage override <value> 

coverage override external <number> 

coverage override global <name> 

coverage override internal <number> 

coverage override internal <number> num-rings <value> 
coverage override operator 

coverage override operator num-rings <value> 
coverage override vm 

coverage override vm <number> 

coverage vm 

coverage vm 

coverage vm <number> 

coverage [<system modes] aa 

coverage [<system mode>] aa <number> 

coverage [<system mode>] external <number> 

coverage [<system mode>] global <name> 

coverage [<system mode>] internal <number> 

coverage [<system mode>] internal <number> num-rings <value> 
coverage [<system mode>] operator 

coverage [<system mode>] operator num-rings <value> 
coverage [<system mode>] vm 

coverage [<system mode>] vm <number> 


Syntax Description 





<system mode> Optional. Specifies the system mode to configure for call coverage. Choose 
from custom1, custom2, custom3, lunch, night, or weekend. Refer to 
the Functional Notes of this command for more information on configuring 
system modes. 


aa <number> Forwards the call to the auto attendant. It is optional to enter a specific 
extension programmed for the auto attendant. If no extension is specified, 
the phone is forwarded to the default auto attendant. 
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external <number> Forwards the call to the specified external number. If no number is entered, 
the default auto answer is used. 

global <name> Uses the specified global call coverage list. 

internal <number> Forwards the call to the specified internal number. 

num-rings <value> Optional. Specifies the number of rings for the call before performing the 
next action. Valid range is 1 to 9. 

operator Forwards the call to the operator. 

override Ignores the programmed system mode schedule. 

vm Forwards the call to voice mail. 

vm <number> Optional. Forwards the phone to the specified mailbox number. 


Default Values 





By default, no system mode call coverage is specified. 


Command History 





Release 9.3 Command was introduced. 

Release 11.1 Command was updated to include the voice mail and number of rings 
options. 

Release 12.1 Command was updated to include auto attendant, global, and operator 
options. 

Release A1 Command was updated to include system mode feature options. 


Functional Notes 





System mode call coverage provides more diverse functionality for call handling. In previous versions of 
AOS (revision 15.1 or earlier), up to five coverage modes were allowed. Calls were processed in the order 
in which the coverage options were entered into the system. 


With the addition of the system mode options, up to five coverage options per system mode are allowed. 
The system modes can be modified using the command voice system-mode on page 996. 


Usage Examples 





The following example specifies that the user's phone be forwarded to the internal extension 8500 when in 
the night system mode after 3 rings. 


(config)#voice user 4444 
(config-4444)#coverage night internal 8500 num-rings 3 
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did <number> 
Use the did command to configure direct inward dial (DID) parameters for the extension. DID is used if a 


service provider is providing digits to the unit on inbound calls or if the unit needs to provide DID 
information to a piece of CPE equipment. Use the no form of this command to disable this feature. 


Syntax Description 





<number> Specifies the DID number for the user. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example assigns a did number of 555-4560 to user 4444: 


(config)#voice user 4444 
(config-4444)#did 5554000 
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directory-include 


Use the directory-include command to add this user in a dial-by-name (DBN) directory. Adding users to 
the directory allows the users to call parties by the voice user’s name stored in the system. Use the no form 
of this command to disable this feature. Variations of this command include: 


directory-include 

directory-include first-name <name> 

directory-include first-name <name> last-name <name> 
directory-include <directory name> 

directory-include <directory name> first-name <name> 

directory-include <directory name> first-name <name> last-name <name> 


Syntax Description 





first-name <name> Optional. Specifies the directory entry of the user’s first name to be included 
in the directory. 


last-name <name> Optional. Specifies the directory entry of the user’s last name to be included 
in the directory. 


<name> Optional. Specifies the name of a directory. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 
Release 14.1 Command was expanded. 


Functional Notes 





Using this command automatically retrieves the values stored in the first-name and last-name for the dial- 
by-name (DBN) directory. If a user also uses an alias, you may add extra entries into the DBN directory by 
specifying the first and last names within the directory-include command. 


By default, a system directory is always available. All voice users are automatically added as members of 
the system directory. 


Usage Examples 





The following example adds the user 4444 to a dial-by-name directory: 


(config)#voice user 4444 
(config-4444)#directory-include 
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dnd 
Use the dnd command to enable the do not disturb (DND) option for the user. This setting prevents the 


phone extension assigned to the user from ringing. Use the no form of this command to disable this 
feature. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example enables DND for user 4444: 


(config)#voice user 4444 
(contig-4444)#dnd 
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door-phone 


Use the door-phone command to enable the door phone mode for this extension. Use the no form of this 
command to disable the door phone mode for this extension. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the door phone mode is disabled. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example makes extension 4444 the door phone extension. 


(config)#voice user 4444 
(config-4444)#door-phone 
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echo-cancellation 
Use the echo-cancellation command to improve voice quality for packetized-based voice calls such as 


voice over IP (VoIP) or Media Gateway Control Protocol (MGCP). Use the no form of this command to 
disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, echo-cancellation is enabled. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example activates echo-cancellation for user 4444: 


(config)#voice user 4444 
(config-4444)#echo-cancellation 
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email <address> 


Use the email command to configure the primary email notification address for this extension. Use the no 
form of this command to remove a configured email address. 


Syntax Description 


<address> Specifies the primary email notification address for this extension. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example configures the primary email notification address for this extension as 
first.last@company.com. 


(config)#voice user 4444 
(config-4444)#email first.last@company.com 
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email-secondary <address> 
Use the email-secondary command to configure the secondary email notification address for this 


extension. The secondary email address will be used based on the email notification schedule. Use the no 
form of this command to remove a configured secondary email address. 


Syntax Description 





<address> Specifies the secondary email notification address for this extension. 


Default Values 





No default value necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example configures the secondary email notification address for this extension as 
first.last@company.com. 


(config)#voice user 4444 
(config-4444)#email-secondary first.last@company.com 
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first-name <name> 


Use the first-name command to specify the user’s first name. The name will represent the user’s first 
name in the system. Use the no form of this command to remove a first name. 


Syntax Description 


<name> Specifies the user’s first name. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example specifies the first name of user 4444: 


(config)#voice user 4444 
(config-4444)#first-name John 
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forward <number> 
Use the forward command to redirect all calls to this extension to a specified number. Forwarding calls 


allows the use to receive incoming calls at a different number. Use the no form of this command to disable 
this feature. 


Syntax Description 





<number> Forwards all calls to the specified number. Do not include dashes or 
hyphens in the number. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example forwards all calls to user 4444 to the number 256-555-8000: 


(config)#voice user 4444 
(config-4444)#forward 2565558000 
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forward-disconnect 


Use the forward-disconnect command to specify the method of manipulating the polarity to signal a 
disconnect of the line. Use the no form of this command to disable this feature. Variations of this 
command include: 


forward-disconnect battery remove 
forward-disconnect battery reverse 
forward-disconnect delay <value> 


Syntax Description 





battery remove Specifies that the battery will be removed upon disconnect. 
battery reverse Specifies that the battery will be reversed upon disconnect. 
delay <value> Sets a forward disconnect delay time value in milliseconds. Specify 250, 


500, 750, 1000, or 2000 milliseconds. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example removes the battery upon disconnect for user 4444. This command is used most 
often with a fax machine that needs to be alerted that a call has ended: 


(config)#voice user 4444 
(config-4444)#forward-disconnect battery remove 
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fwd-courtesy 


Use the fwd-courtesy command to enable the courtesy ring feature when a call is forwarded to notify the 
user that an incoming call has been re-routed. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sends a courtesy ring when a call is forwarded: 


(config)#voice user 4444 
(contig-4444)#fwd-courtesy 
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hotel 


Use the hotel command to allow extension reassignment to an alternate phone. Use the no form of this 
command to deny extension reassignment. 


Syntax Description 


No subcommanads. 


Default Values 





By default, the hotel feature is disabled. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example enables the user to assign extension 4444 to an alternate phone: 


(config)#voice user 4444 
(config-4444)#hotel 
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hotline <number> 
Use the hotline command to configure the user’s phone as a hotline phone. When the user picks up the 


phone, it will automatically ring the extension assigned. Use the no form of this command to disable this 
feature. 


Syntax Description 





<number> Specifies the hotline number to dial when the phone is off-hook. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets up user 4444 as a hotline and specifies that the number 256-555-8000 will be 
dialed when user 4444’s phone is off-hook: 


(config)#voice user 4444 
(config-4444)#hotline 2565558000 
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last-name <name> 


Use the last-name command to specify the user’s last name. The stored name will appear in the caller ID 
information and directory for the user. Use the no form of this command to remove a last name. 


Syntax Description 


<name> Specifies the user’s last name. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example specifies the last name of user 4444: 


(config)#voice user 4444 
(config-4444)#last-name Smith 
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message-waiting 


Use the message-waiting command to configure message waiting notification methods. Use this 
command to select the phone alert used to notify users of new voice mail. Use the no form of this 
command to return to disable these features. Variations of this command include: 


message-waiting both 
message-waiting dialtone-only 
message-waiting lamp-only 


Syntax Description 





both Sets message-waiting notification for both dialtone and lamp. 
dialtone-only Sets message-waiting notification for dialtone only. 
lamp-only Sets message-waiting notification or lamp-only. 


Default Values 





No default value necessary for this command. 


Command History 


Release 9.3 Command was introduced. 


Usage Examples 





The following example sets message-waiting notification for user 4444 for both dialtone and lamp: 


(config)#voice user 4444 
(config-4444)#message-waiting both 
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modem-passthrough 


Use the modem-passthrough command to switch to pass-through mode on fax or modem tone detection. 
This command allows modem and fax calls to maintain a connection without altering the signals with the 
voice improvement settings such as echo cancellation and voice activity detection (vad). Use the no form 
of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, modem-passthrough is enabled. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example disables modem-passthrough: 


(config)#voice user 4444 
(config-4444)#no modem-passthrough 
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nis 


Use the nls command to enable the non-linear suppression (NLS) option for the user. This option sets the 


echo canceler to reduce acoustic echo. Use the no form of this command to disable this feature. 


Syntax Description 


No subcommanads. 


Default Values 





No default value necessary for this command. 


Command History 





Release 14.1 Command was introduced. 


Usage Examples 





The following example enables NLS for user 4444: 


(config)#voice user 4444 
(contig-4444)#nls 
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notify email 


Use the notify email command to indicate either the primary or secondary email address for voice mail 
notification during the voicemail notification schedule. The primary and secondary email addresses must 
be configured using the commands email <address> on page 2504 and email-secondary <address> on 
page 2505. Use the no form of the command to disable the settings. Variations of this command include 
the following: 


notify email primary 
notify email secondary 


Syntax Description 





primary Specifies that email notifications for this schedule will be sent to the primary 
email address. 


secondary Specifies that email notifications for this schedule will be sent to the 
secondary email address. 


Default Values 





No default values necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 15.1 Command was expanded. 


Usage Examples 





The following example configures the unit to send email notification for this schedule to the secondary 
email address. 


(config)#voice user 4444 

(config-4444)#voicemail notify schedule monday 06:00 am 
Configuring New Schedule "monday 06:00 am". 
(config-4444-mon-06:00am)#notify email secondary 
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num-rings 


Use the num-rings command to specify the number of rings for call pickup before the system redirects the 
call. Each system-mode call coverage action can be configured with a different number of rings based on 
preference. Use the no form of this command to return to the default setting. Variations of this command 
include: 


num-rings <value> 
num-rings [<system mode>] <value> 
num-rings override <value> 


Syntax Description 





<system mode> Optional. Specifies the system mode to configure for call coverage. Choose 
from custom1, custom2, custom3, lunch, night, or weekend. Refer to 
the Functional Notes of this command for more information on configuring 
system modes. 

override Ignores the programmed system mode schedule. 

<value> Specifies the number of rings before the next action. Specify 0 trough 9 
rings. Entering 0 specifies an unlimited number of rings. 


Default Values 





By default, the num-rings is set to 4. 


Command History 





Release 9.3 Command was introduced. 
Release A1 Command was updated to include system mode feature options. 


Functional Notes 





System mode call coverage provides more diverse functionality for call handling. In previous versions of 
AOS (revision 15.1 or earlier), up to five coverage modes were allowed. Calls were processed in the order 
in which the coverage options were entered into the system. 


With the addition of the system mode options, up to five coverage options per system mode are allowed. 
The system modes can be modified using the command voice system-mode on page 996. 


Usage Examples 





The following example allows the extension 4444 to ring 6 times before redirecting the call: 


(config)#voice user 4444 
(contig-4444)#num-rings 6 
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The following example sets the number of rings to 1 before redirecting the call when the system mode is 
set to weekend: 


(config)#voice user 4444 
(config-4444)#num-rings weekend 1 
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password <password> 


Use the password command to create a password or personal identification number (PIN) number to 
protect voice settings and messages. Use the no form of this command to remove a password. 


Syntax Description 


<password> Specifies a 4-digit password (or PIN) number. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following sets the password for user 4444 to 4321: 


(config)#voice user 4444 
(config-4444)#password 4321 
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plc 


Use the ple command to enable packet loss concealment (PLC). PLC is used to prevent choppy 
connections by concealing a packet loss by replacing the lost packet with another voice packet in the data 
stream. Use the no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 
By default, PLC is enabled. 





Command History 





Release 11.1 Command was introduced. 


Usage Examples 
The following disables PLC the for user 4444: 





(config)#voice user 4444 
(contig-4444)#no ple 
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rtp delay-mode 


Use the rtp delay-mode command to configure the Realtime Transport Protocol (RTP) jitter buffer packet 
delay mode settings. RTP is used to prevent static on voice connections by enhancing the quality of the 
packet delivery. Use the no form of this command to return to the default setting. Variations of this 
command include: 


rtp delay-mode adaptive 
rtp delay-mode fixed 


Syntax Description 





adaptive Configures RTP jitter buffer packet delay to adjusts during a call based on 
network conditions. 


fixed Configures the RTP jitter buffer packet delay to remain constant. 


Default Values 


By default, the RTP delay mode is set to adaptive. This allows for minimal latency by adjusting the 
average packet delay based on the conditions of the network. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example configures RTP delay mode as fixed: 


(config)#voice user 4444 
(config-4444)#rtp delay-mode fixed 
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rtp dtmf-relay 


Use the rtp dtmf-relay command to configure the method by which Realtime Transport Protocol (RTP) 
Dual Tone Multi-Frequency (DTMF) events are relayed. The dial digits can be sent inband or out-of-band 
of the voice stream. Use the no form of this command to return to the default value. Variations of this 
command include: 


rtp dtmf-relay inband 
rtp dtmf-relay nte <va/ue> 


Syntax Description 





inband Specifies that RTP DTMF events be relayed inband in the RTP stream. 


nte <value> Specifies that RTP DTMF event value be relayed out-of-band using NTE. 
Enter an NTE value between 96 and 127. 


Default Values 
By default, the rtp dtmf-relay is set for NTE 101. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example configures RTP DTMF relay events for inband: 


(config)#voice user 4444 
(contig-4444)#rtp dtmf-relay inband 
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rtp frame-packetization <value> 
Use the rtp frame-packetization command to configure the Realtime Transport Protocol (RTP) frame 


packetization time in milliseconds for individual trunks and users. Use the no form of this command to 
return to the default value. 


Syntax Description 





<value> Configures the RTP frame packetization time value in milliseconds. Select 
from 10, 20, or 30 milliseconds. 


Default Values 





By default, the rtp frame-packetization time is set to 20 milliseconds on all trunks and users. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example sets the frame packetization time for user 4444 to 10 milliseconds: 


(config)#voice user 4444 
(config-4444)#rtp frame-packetization 10 
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rtp packet-delay 


Use the rtp packet-delay command to configure the maximum Realtime Transport Protocol (RTP) packet 
delays. This command is used to set the allowable limits of latency on the network. Use the no form of this 
command to return to default values. Variations of this command include: 


rtp packet-delay fax <va/ue> 
rtp packet-delay maximum <value> 
rtp packet-delay nominal <value> 


Syntax Description 





fax <value> Sets the fax delay time value in milliseconds. Range is 0 to 500 
milliseconds. 
maximum <value> Sets the maximum delay time value in increments of 10 milliseconds. 


Range is 40 to 320 milliseconds. 


nominal <va/lue> Sets the nominal delay time value in increments of 10 milliseconds. Range is 
10 to 240 milliseconds. 


Default Values 


By default, the RTP packet delay for fax is 300, maximum is 100, and nominal is 50. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example configures the RTP fax delay time for user 4444 to 200 milliseconds: 


(config)#voice user 4444 
(config-4444)#rtp packet-delay fax 200 
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rtp qos dscp <value> 
Use the rtp qos dscp command to configure the maximum Realtime Transport Protocol (RTP) quality of 


service (QoS) parameters for differentiated services code point (DSCP). Use the no form of this command 
to return to default values. 


Syntax Description 





<value> Configures the RTP QoS parameter for DSCP. Enter a value between 
10 and 63. 


Default Values 
By default, no RTP QoS DSCP is configured for this interface. 





Command History 





Release 9.3 Command was introduced. 


Functional Note 





By setting the rtp qos dscp value on an individual trunk or user, you will override the global rtp qos dscp 
setting for RTP packets. QoS is set using a Differentiated Services Code Point, or DSCP value. Valid 
DSCP values are 10-63, and a higher DSCP value has a higher priority. The default DSCP value for RTP is 
46. Remember that if you are using a public IP connection, such as the Internet, for voice over IP, 
end-to-end QoS may not be guaranteed. The default DSCP value for SIP is 26. To configure QoS for the 
RTP traffic that carries the voice conversation, use the command, ip rtp qos dscp followed by the desired 
DSCP value. 


Usage Examples 
The following example configures the RTP QoS DSCP for user 4444 to 46: 





(config)#voice user 4444 
(config-4444)#rtp qos dscp 46 
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show voice mail 


Use the show voice mail command to display a user’s voice mail information. This command can also be 
executed from the Enable prompt using the syntax explained on page 558. Variations of this command 
include: 


show voice mail 
show voice mail notify-schedule 





The output of all show commands can be limited by appending the following modifiers to 
the end of the command: | begin <text>, | exclude <text>, and | include <text>. The 
include modifier limits output to lines that contain the specified text, the exclude modifier 

‘wore excludes any lines with the specified text, and the begin modifier displays the first line of 
output with the specified text and all lines thereafter. 


For specific instructions and examples regarding these modifiers, refer to the Enable 
Mode Command Set introduction on page 60. 








Syntax Description 





notify-schedule Displays the voicemail notification schedule. 


Default Values 





No default necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 17.1 Command was expanded to include modifiers begin, exclude, include. 


Usage Examples 





The following example shows sample output from the show voice mail command for extension 4444: 


(config)#voice user 4444 

(config-4444)#show voice mail 

Voicemail information for account: 4444 

VM Class of Service: normal_voicemail 

Standard Greeting (min): 01:00 Total Voicemail Usage (min): 05:00 
Alternate Greeting (min): 01:00 Total Voicemail Free (min): 10:00 
Recorded Name (min): 00:10 
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The following is sample output for the show voice mail notify-schedule command for extension 4444: 


(config)#voice user 4444 

(config-4444)#voicemail notify schedule monday 06:00 am 
Configuring New Schedule "monday 06:00 am". 
(config-4444-mon-06:00am)#show voice mail notify-schedule 


Start End Email 1 Email 2 
Sun 12:00am Sun11:59pm --- —_ 
Mon 12:00am Mon5:59am a ote 
Mon 6:00am at11:59pm _ --- 
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sip-identity 


Use the sip-identity command to configure the Session Initiation Protocol (SIP) registration options for 
the user. Use the no form of the command to disable the settings. Variations of this command include the 
following: 


sip-identity <station> <Txx> 
sip-identity <station> <Txx> register 
sip-identity <station> <Txx> register auth-name <username> password <password> 


Syntax Description 





<station> Specifies the station to be used for SIP trunk (e.g., station extension). 


<Txx> Specifies the SIP trunk through which to register the server. The trunk 
is specified in the format Txx (e.g., T01). 


register Registers the user to the server. 


register auth-name <username> Optional. Sets the user name that will be required as authentication 
for registration to the SIP server. 


password <password> Optional. Sets the password that will be required as authentication for 
registration to the SIP server. 


Default Values 





No default values necessary for this command. 


Command History 





Release 12.1 Command was introduced. 


Usage Examples 





The following example specifies trunk T02 and extension 4400 for SIP identity: 


(config)#voice user 4444 
(config-4444)#sip identity 4400 T02 
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special-ring-cadences 
Use the special-ring-cadences command to enable special ring cadences for this user. This command 


allows the user to be alerted with a distinctive ring. Use the no form of this command to disable this 
feature. 


Syntax Description 





No subcommanas. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example configures enables special ring cadences for user 4444: 


(config)#voice user 4444 
(config-4444)#special-ring-cadences 
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speed-dial <number> 
Use the speed-dial command to assign a number (1 though 20) to the user. The speed dial number allows 


the users to call each other by simply dialing 1 or 2 digit numbers. Use the no form of this command to 
disable this feature. 


Syntax Description 





<number> Specifies the speed dial number for the user. Select from numbers 1 
through 20. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example assigns a speed-dial number to user 4444: 


(config)#voice user 4444 
(config-4444)#speed-dial 2 
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station-lock 


Use the station-lock command to lock the (station) against inbound or outbound calls. Locking a station 
will restrict phone privileges. Use the no form of this command to disable this feature. Variations of this 
command include: 


station-lock admin 

station-lock admin inbound 
station-lock admin inbound-outbound 
station-lock user 

station-lock user inbound 
station-lock user inbound-outbound 


Syntax Description 





admin Allows the administrator to block calls. 
user Allows the user to block calls. 

inbound Blocks inbound calls. 
inbound-outbound Blocks both inbound and outbound calls. 


Default Values 


No default value necessary for this command. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example configures an administrator inbound and outbound station lock: 


(config)#voice user 4444 
(config-4444)#station-lock admin inbound-outbound 
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138 


Use the t38 command to enable T.38 fax operation. Use the no form of this command to disable this 
feature. 





operation to work. 


Wo The modem-passthrough command (refer to page 2514) must be enabled for T.38 





Syntax Description 





No subcommanas. 


Default Values 
By default, T.38 is disabled. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables T.38 for user 4444: 


(config)#voice user 4444 
(config-4444)#t38 


Technology Review 


T.38 is an International Telecommunication Union (ITU) specification that allows Group-3 Fax (T.30) data to 
be transported over the Internet. It is similar to dual tone multi-frequency (DTMF) relay (RFC 2833) in that 
the digital signal processor (DSP) decodes tones and demodulated fax data and converts them into 
packets. A similar device on the other end takes the packets/tones and remodulates them so that an 
analog fax machine on the other end can receive the fax. AOS’s previous support (revision 12 through 15) 
for fax/modem signals was simply detecting a tone and forcing the CODEC into G.711 and 
disabling/enabling echo cancellers based on the tones detected. When packet loss becomes high, sending 
faxes over G711 becomes problematic, due to dropped messages and timeouts/retrains. 


T.38 can be used in conjunction with various call-control schemes such as H.323, SIP, and Media Gateway 
Control Protocol (MGCP). AOS only supports SIP as the call-control method. This is typically referred to 
T.38/Annex-D. Annex-D describes the Session Initiation Protocol/Session Description Protocol (SIP/SDP) 
call establishment procedures. 
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38 error-correction 


Use the t38 error-correction command to specify the type of fax error correction. Use the no form of this 
command to disable this feature. Variations of this command include: 


t38 error-correction fec 
t38 error-correction redundancy 


Syntax Description 





fec Specifies forward error correction (FEC) as the fax error correction. FEC is 
a system of error control where the sender adds redundant data to its 
messages allowing the receiver to detect and correct errors (within certain 
bounds) without the need to request additional data from the sender. 


redundancy Specifies redundancy as the fax error correction. Redundancy error 
correction replicates the payload a user-specified number of times to 
determine if errors are present. The number of redundant packets is set 
using the t88 redundancy command (refer to page 2538). 


Default Values 





By default, t38 error-correction is set to redundancy. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example set the t38 error-correction to fec for user 4444: 


(config)#voice user 4444 
(config-4444)#t38 error-correction fec 
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t38 fallback-mode 


Use the t38 fallback-mode command to specify the transmission mode used when T.38 fax relay cannot 
be successfully negotiated at the time of the fax transfer. Use the no form of this command to disable this 
feature. Variations of this command include: 


138 fallback-mode fail488 
138 fallback-mode fail606 
t38 fallback-mode g711 


Syntax Description 





fail488 Specifies using the fail488 SIP error message. 
fail606 Specifies using the fail606 SIP error message. 
g711 Specifies that fax operation revert back to analog mode (G.711). 


Default Values 





By default, t38 fallback-mode is set to g711. 


Command History 


Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t38 fallback-mode to fail606 for user 4444: 


(config)#voice user 4444 
(config-4444)#t38 fallback-mode fail606 
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138 max-buffer <buffer size> 


Use the t38 max-buffer command to set the maximum buffer size for T.38 fax operation. Use the no form 
of this command to return to the default value. 


Syntax Description 


<buffer-size> Specifies the maximum number of bytes that can be received before an 
overflow condition occurs. Range is 0 to 400 bytes. 


Default Values 





By default, the maximum buffer size is set to 200. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t38 max-buffer to 100 for user 4444: 


(config)#voice user 4444 
(config-4444)#t38 max-buffer 100 
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t38 max-datagram <value> 


Use the t38 max-datagram command to set the maximum datagram value in this unit. Use the no form of 
this command to return to the default value. 


Syntax Description 


<value> Specifies the maximum number of bytes a User Datagram Protocol 
Transport Layer (UDPTL) packet can be that can be received. Range is 0 to 
300 bytes. 


Default Values 





By default, the maximum datagram value is set to 75. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example sets the t38 max-datagram to 100 for user 4444: 


(config)#voice user 4444 
(config-4444)#t38 max-datagram 100 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2536 


Command Reference Guide Voice User Configuration Command Set 





138 max-rate 


Use the t38 max-rate command to specify the fax maximum rate. The actual transmission rate may be 
lower than specified rate if the receiving end cannot support the maximum rate. Use the no form of this 
command to return to the default value. Variations of this command include: 


t38 max-rate 12000 
t38 max-rate 14400 
t38 max-rate 2400 
t38 max-rate 4800 
t38 max-rate 7200 
t38 max-rate 9600 


Syntax Description 





12000 Specifies 12000 baud/bits as fax maximum rate. 
14400 Specifies 14400 baud/bits as fax maximum rate. 
2400 Specifies 2400 baud/bits as fax maximum rate. 
4800 Specifies 4800 baud/bits as fax maximum rate. 
7200 Specifies 7200 baud/bits as fax maximum rate. 
9600 Specifies 9600 baud/bits as fax maximum rate. 


Default Values 





By default, the maximum fax rate is set to 14400. 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example set the t88 max-rate to 4800 for user 4444: 


(config)#voice user 4444 
(config-4444)#t38 max-rate 4800 
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t38 redundancy 


Use the t38 redundancy command to set the number of redundant packets sent when the t38 
error-correction redundancy feature is enabled. Use the no form of this command to return to the default 
value. Variations of this command include: 


t38 redundancy high-speed <va/ue> 
t38 redundancy low-speed <value> 


Syntax Description 





high-speed <value> Specifies the number of redundant T.38 fax packets to be sent for data 
messages (high-speed fax machine image data). Range is 0 (no 
redundancy) to 4 packets. 


low-speed <value> Specifies the number of redundant T.38 fax packets to be sent for the 
signaling messages (low-speed fax machine protocol). Range is 0 (no 
redundancy) to 7 packets. 


Default Values 





By default, high-speed and low-speed redundancy values are set to 0 (no redundancy). 


Command History 





Release 16.1 Command was introduced. 


Usage Examples 





The following example enables t38 error-correction redundancy and sets the number of redundant data 
messages to 3 for user 4444: 


(config)#voice user 4444 
(config-4444)#t38 error-correction redundancy 
(config-4444)#t38 redundancy high-speed 3 
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vad 


Use the vad command to enable voice activity detection (VAD). VAD blocks out noise categorized as 
silence during a voice connection. The silent voice packets are not transmitted, allowing bandwidth usage 
to be reduced. Although VAD saves bandwidth, the quality of the voice call may be compromised. Use the 
no form of this command to disable this feature. 


Syntax Description 





No subcommanas. 


Default Values 





By default, VAD is enabled for all voice trunks and users. 


Command History 





Release 9.3 Command was introduced. 


Usage Examples 





The following example disables VAD for user 4444: 


(config)#voice user 4444 
(config-4444)#no vad 
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voicemail 


Use the voicemail command to configure the voice mail options for the users. Use the no form of the 
command to disable the settings. Variations of this command include the following: 


voicemail auth-mode full 

voicemail auth-mode password 

voicemail auto-play 

voicemail envelope-play 

voicemail greeting alternate 

voicemail greeting default 

voicemail greeting standard 

voicemail new-user 

voicemail cos <name> 

voicemail notify email [text-only | attach-message] 
voicemail notify schedule <day> <time> [am | pm] 


voicemail oper-assist <number> 
voicemail password <password> 


Syntax Description 





auth-mode full 


auth-mode password 


auto-play 
cos <name> 


envelope-play 
greeting alternate 
greeting default 
greeting standard 
new-user 

notify email 


[text-only] 
[attach-message] 


notify schedule 


<day> 


<time> [am | pm] 


Specifies that the extension and password are required to access 
voicemail. 


Specifies that the password is required to access voicemail. Only the 
password is required if set to password authentication mode. 


Specifies automatic playback of messages when entering the mailbox. 


Configures the voice mail class of service (CoS) type by entering the name 
of the selected CoS. 


Automatically plays message envelopes during message playback. 
Specifies the alternate recorded voicemail greeting to be used. 
Specifies the default voicemail greeting to be used. 

Specifies the user’s standard recorded voicemail greeting to be used. 
Executes the new-user wizard for voicemail configuration. 


Specifies sending a text notification or attaching the message to an email 
when a new voicemail is received. 


Sends only a text message to the specified email address. 


Sends the voicemail as a WAV file attachment to the specified email. The 
um-serve must be configured for this option to work. 

Configures the daily schedules for voicemail notification. Different 
schedules can be programmed for different days of the week. 

Specifies the day of the week for the voicemail notification. Choose from 
Monday through Sunday. 


Specifies the time for the voice mail notification. Time should be expressed 
in the format hours:minutes (HH:MM) a.m. or p.m. 





60000CRGD-35A 


Copyright © 2008 ADTRAN, Inc. 2540 


Command Reference Guide Voice User Configuration Command Set 





oper-assist <number> Directs all operator calls to the specified phone number. 
password <password> Creates the password/pin that will be required to access voicemail. 


Default Values 


No default values necessary for this command. 


Command History 





Release 12.1 Command was introduced. 
Release 15.1 Command was expanded. 


Usage Examples 





The following example set the voice mail CoS for this user to class1: 


(config)#voice user 4444 
(config-4444)#voicemail cos class1 
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SECURITY AND SERVICES COMMAND SETS 


This section includes the following command sets: 


DHCP Pool Command Set on page 2543 

Mail Agent Configuration Command Set on page 2562 
Quality of Service Map Command Set on page 2573 

Radius Group Command Set on page 2597 

Route Map Configuration Command Set on page 2599 
TACACS+ Group Configuration Command Set on page 2628 
Top Traffic Configuration Command Set on page 2630 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 


2542 


Command Reference Guide DHCP Pool Command Set 





DHCP PooL COMMAND SET 


To activate the DHCP Pool mode, enter the ip dhep-server pool command at the Global Configuration 
mode prompt. For example: 


>enable 

#configure terminal 

(config)#ip dhcp-server pool MyPool 
(config-dhcp)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


bootfile <name> on page 2544 
client-identifier <identifier> on page 2545 
client-name <name> on page 2546 
default-router on page 2547 
dns-server on page 2548 
domain-name <name> on page 2549 
hardware-address on page 2550 

host <ip address> on page 2552 

lease <days> on page 2553 
netbios-name-server on page 2554 
netbios-node-type on page 2555 
network on page 2556 

ntp-server <ip address> on page 2557 
option on page 2558 

tftp-server <name> on page 2559 
timezone-offset <value> on page 2560 
vif <name> on page 2561 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2543 


Command Reference Guide DHCP Pool Command Set 





bootfile <name> 


Use the bootfile command to specify a fully qualified directory-path name to a file located on a TFTP 
server on the network. Some network devices use the file (the path sent to the DHCP client in the 
DHCPOFFER message) for initial configuration. Use the no form of this command to remove a configured 
boot file. 


Syntax Description 





<name> Specifies a fully qualified directory-path name to the file located on the 
network. If the file is located in the root directory of the TFTP server, enter 
the file name only. 


Default Values 





By default there is no specified boot file. 


Command History 





2.1 Command was introduced. 


Functional Notes 





RFC2131 provides specifications for DHCP servers to supply clients with information that allows the clients 
to exchange packets with other hosts on the network. DHCP clients that do not store the correct boot 
software on an internal flash drive can receive a boot file from a TFTP server. The AOS DHCP server can 
provide these devices with the address of the network TFTP server and the configuration file name. For 
example, some IP phones use this functionality to download the feature and key activation file. Use the 
tftp server command (on page 2559) to specify the IP address of the network TFTP server. 


RFC2131 includes provisions to allow DHCP servers to utilize the 128 octets designated for the boot file 
directory-path for expanding the DHCP options field. RFC1533 outlines the available DHCP variables for 
the options field. This process must be negotiated between client and server during the DHCPDISCOVER 
process and should only take place if the client specifies a small maxDHCPmessage size in the 
DHCPDISCOVER message. 


Usage Examples 





The following example specifies the location of a TFTP server on the LAN at 10.10.0.4 and a boot file of 
myconfig.cfg (located in the TFTP server root directory) for the DHCP pool IP_Phones: 


(config)#ip dhcp-server pool IP_Phones 
(config-dhcp)#tftp sever 10.10.0.4 
(config-dhcp)#bootfile myconfig.cfg 
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client-identifier <identifier> 
Use the client-identifier command to specify a unique identifier (in dotted hexadecimal notation) for a 


Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to remove a 
configured client identifier. 


Syntax Description 





<identifier> Specifies a client identifier using 7 to 28 hexadecimal characters with colon 
delimiters. Refer to the Functional Notes below for more information. 


Default Values 





No default value necessary for this command. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





DHCP clients use client identifiers in place of hardware addresses. To create the client-identifier, begin with 
the two-digit numerical code representing the media type and append the client’s MAC address. For 
example, a Microsoft client with an Ethernet (01) MAC address d2:17:04:91:11:50 uses a client identifier of 
01 :d2:17:04:91:11:50. 


Usage Examples 





The following example specifies the client identifier for a Microsoft client with an Ethernet MAC address of 
d217.0491.1150: 


(config)#ip dhcp-server pool Microsoft_Clients 
(config-dhcp)#client-identifier 01:d2:17:04:91:11:50 
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client-name <name> 


Use the client-name command to specify the name of a Dynamic Host Configuration Protocol (DHCP) 
client. Use the no form of this command to remove the configured client name. 


Syntax Description 


<name> Identifies the DHCP client (example is client1) using an alphanumeric 
string (up to 32 characters in length). 





‘ore The specified client name should not contain the domain name. 





Default Values 


By default, there are no specified client names. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 


The following example specifies a client name of myclient: 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#client-name myclient 
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default-router 


Use the default-router command to specify the default primary and secondary routers to use for the 
Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this command to remove the 
configured router. Variations of this command include: 


default-router <ip address> 
default-router <ip address> <secondary> 


Syntax Description 





<ijp address> Specifies the IP address of the preferred router on the client’s subnet. 


<secondary> Optional. Specifies the IP address of the second preferred router on the 
client’s subnet. 


IP addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, there are no specified default routers. 


Command History 





Release 2.1 Command was introduced. 


Functional Notes 





When specifying a router to use as the primary/secondary preferred router, verify that the listed router is on 
the same subnet as the DHCP client. AOS allows a designation for two routers, listed in order of 
precedence. 


Usage Examples 





The following example configures a default router with address 192.22.4.253 and a secondary router with 
address 192.22.4.254: 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#default-router 192.22.4.253 192.22.4.254 
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dns-server 


Use the dns-server command to specify the default primary and secondary Domain Name System (DNS) 
servers to use for the Dynamic Host Configuration Protocol (DHCP) client. Use the no form of this 
command to remove the configured DNS server. Variations of this command include: 


dns-server <ip address> 
dns-server <ip address> <secondary> 


Syntax Description 





<ijp address> Specifies the IP address of the preferred DNS server on the network. 
<secondary> Optional. Specifies the IP address of the second preferred DNS server on 
the network. 
IP addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 





By default, there are no specified default DNS servers. 


Command History 





Release 2.1 Command was introduced. 
Release 4.1 Command was expanded to include the IKE client configuration pool. 


Usage Examples 





The following example specifies a default DNS server with address 192.72.3.254 and a secondary DNS 
server with address 192.100.4.253: 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#dns-server 192.72.3.254 192.100.4.253 
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domain-name <name> 


Use the domain-name command to specify the domain name for the Dynamic Host Configuration 
Protocol (DHCP) client. Use the no form of this command to remove the configured domain name. 


Syntax Description 


<name> Identifies the DHCP client (e.g., adtran.com) using an alphanumeric string 
(up to 32 characters in length). 


Default Values 





By default, there are no specified domain names. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following example specifies a domain name of adtran.com: 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#domain-name adtran.com 
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hardware-address 


Use the hardware-address command to specify the name of a Dynamic Host Configuration Protocol 
(DHCP) client. Use the no form of this command to remove the configured client name. Variations of this 
command include: 


hardware-address <mac address> 
hardware-address <mac address> <type> 
hardware-address <mac address> ethernet 
hardware-address <mac address> ieee802 


Syntax Description 





<mac address> Specifies a valid 48-bit MAC address. MAC addresses should be expressed 
in following format xx:xx:xx:xx:xx:xx (for example, 00:A0:C8:00:00:01). 


<type> Optional. Specifies one of the hardware types listed in RFC1700. Valid 
range is 1 to 21. 


The valid hardware types are as follows: 
10 Mb Ethernet 


2 Experimental 3 Mb Ethernet 

3 Amateur Radio AX.25 

4 Proteon ProNET Token Ring 

5 Chaos 

6l EEE 802 Networks 

7 ARCNET 

8 Hyperchannel 

9 Lanstar 

10 Autonet Short Address 

11 LocalTalk 

12 LocalNet (IBM PCNet or SYTEK LocalNet) 

13 Ultra link 

14 SMDS 

15 Frame Relay 

16 Asynchronous Transmission Mode (ATM) 

17 HDLC 

18 Fibre Channel 

19 Asynchronous Transmission Mode (ATM) 

20 Serial Line 

21 Asynchronous Transmission Mode (ATM) 
ethernet Optional. Specifies standard Ethernet networks. 
ieee802 Optional. Specifies IEEE 802 standard networks. 
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Default Values 





By default, the hardware address type is set to 10 Mbps Ethernet (1). 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following example specifies an Ethernet client with a MAC address of ae:11:54:60:99:10: 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#hardware-address ae:11:54:60:99:10 Ethernet 
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host <ip address> 


Use the host command to specify the IP address and subnet mask for a manual binding to a Dynamic Host 
Configuration Protocol (DHCP) client. Use the no form of this command to remove the configured client 
address. Variations of this command include: 


host </p address> 
host <ip address> <subnet mask> 


Syntax Description 





<ijp address> Specifies the IP address for a manual binding to a DHCP client. IP 
addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 

<subnet mask> Optional. Specifies the subnet mask that corresponds to a range of IP 


addresses (network) or a specific host. Subnet masks can be expressed in 
dotted decimal notation (for example, 255.255.255.0) or as a prefix length 
(for example, /24). 


If the subnet mask is left unspecified, the DHCP server examines its 
address pools to obtain an appropriate mask. If no valid mask is found in 
the address pools, the DHCP server uses the Class A, B, or C natural 
mask. 


Default Values 





By default, there are no specified host addresses. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following examples show two different ways to specify a client with IP address 12.200.5.99 anda 
21-bit subnet mask: 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#host 12.200.5.99 255.255.248.0 
or 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#host 12.200.5.99/21 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2552 


Command Reference Guide 


DHCP Pool Command Set 





lease <days> 


Use the lease command to specify the duration of the lease for an IP address assigned to a Dynamic Host 


Configuration Protocol (DHCP) client. Use the no form of this command to return to the default lease 


value. Variations of this command include: 


lease <days> 
lease <days> <hours> 
lease <days> <hours> <minutes> 


Syntax Description 





<days> Specifies the duration of the IP address lease in days. 


<hours> Optional. Specifies the number of hours in a lease. You may only enter a 


value in the hours field if the days field is specified. 


<minutes> Optional. Specifies the number of minutes in a lease. You may only enter a 


value in the minutes field if the days and hours fields are specified. 


Default Values 





By default, an IP address lease is one day. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following example specifies a lease of 2 days: 
(config)#ip dhcp-server pool MyPool 
(config-dhcp)#lease 2 

The following example specifies a lease of 1 hour: 
(config)#ip dhcp-server pool MyPool 
(config-dhcp)#lease 0 1 

The following example specifies a lease of 30 minutes: 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#lease 0 0 30 
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netbios-name-server 


Use the netbios-name-server command to specify the primary and secondary NetBIOS Windows Internet 
Naming Service (WINS) name servers available for use by the Dynamic Host Configuration Protocol 
(DHCP) clients. Use the no form of this command to remove a configured NetBIOS name server. 
Variations of this command include: 


netbios-name-server </p address> 
netbios-name-server <ip address> <secondary> 


Syntax Description 





<ip address> Specifies the IP address of the preferred NetBIOS WINS name server on 
the network. 
<secondary> Optional. Specifies the IP address of the second preferred NetBIOS WINS 


name server on the network. 


IP addresses should be expressed in dotted decimal notation (for example, 
10.10.10.1). 


Default Values 


By default, there are no configured NetBIOS WINS name servers. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following example specifies a primary NetBIOS WINS name server with an IP address of 172.45.6.99 
and a secondary with an IP address of 172.45.8.15: 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#netbios-name-server 172.45.6.99 172.45.8.15 
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netbios-node-type 


Use the netbios-node-type command to specify the type of NetBIOS node used with Dynamic Host 
Configuration Protocol (DHCP) clients. Use the no form of this command to remove a configured 
NetBIOS node type. Variations of this command include: 


netbios-node-type <value> 
netbios-node-type b-node 
netbios-node-type h-node 
netbios-node-type m-node 
netbios-node-type p-node 


Syntax Description 





<value> Specifies the NetBIOS node type using the numerical value. Refer to the 
node types below for the corresponding numerical values. 

b-node Specifies the broadcast node. Numeric value is 1. 

h-node Specifies the hybrid node (recommended). Numeric value is 8. 

m-node Specifies the mixed node. Numeric value is 4. 

p-node Specifies the peer-to-peer node. Numeric value is 2. 


Default Values 





By default, the netbios-node-type is set to h-node (hybrid node, numeric value 8). 


Command History 


Release 2.1 Command was introduced. 


Usage Examples 





The following example specifies a client's NetBIOS node type as h-node: 
(config)#ip dhcp-server pool MyPool 

(config-dhcp)#netbios-node-type h-node 

Alternately, the following also specifies the client's NetBIOS node type as h-node: 


(config-dhcp)#netbios-node-type 8 
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network 


Use the network command to specify the subnet number and mask for an AOS Dynamic Host 
Configuration Protocol (DHCP) server address pool. Use the no form of this command to remove a 
configured subnet. Variations of this command include: 


network <ip address> 
network <ip address> <subnet mask> 


Syntax Description 





<ijpp address> Specifies the IP address of the DHCP address pool. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


<subnet mask> Optional. Specifies the subnet mask that corresponds to a range of IP 
addresses (network) or a specific host. Subnet masks can be expressed in 
dotted decimal notation (for example, 255.255.255.0) or as a prefix length 
(for example, /24). If the subnet mask is left unspecified, the DHCP server 
uses the Class A, B, or C natural mask. 


Default Values 





By default, there are no configured DHCP address pools. 


Command History 





Release 2.1 Command was introduced. 


Usage Examples 





The following examples show two different ways to configure an address pool subnet of 192.34.0.0 with a 
16-bit subnet mask: 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#network 192.34.0.0 255.255.0.0 
or 


(config)#ip dhcp-server pool MyPool 
(config-dhcp)#network 192.34.0.0 /16 
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ntp-server <ip address> 


Use the ntp-server command to specify the name of the Network Time Protocol (NTP) server published to 
the client. Use the no form of this command to remove a defined NTP server. 


Syntax Description 


<ijpp address> Specifies the IP address of the NTP server. IP addresses should be 
expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





By default, no NTP server is defined. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example specifies the IP address of the NTP server: 


(config)#ip dhcp pool MyPool 
(config-dhcp)#ntp-server 192.168.1.1 
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option 


Use the option command to describe a generic DHCP option to be published to the client. The user may 
specify any number of generic options to be published to the client. Use the no form of this command to 
return to the default value. Variations of this command include: 


option <option value> ascii <value> 
option <option value> hex <value> 
option <option value> ip <value> 


Syntax Description 





<option value> Specifies the value of the generic DHCP option published to the client. 
Range is 0 to 255. 

ascii Specifies the DHCP option information in ascii format. 

hex Specifies the DHCP option information in hexidecimal format. 

ip Specifies the DHCP option information in IP format. 

<value> Specifies the ASCII, hexidecimal, or IP value. The value for ascii is simple 


text. The value for hex is an 8-digit hexidecimal number (32 bit). The value 
for ip is an IP address. IP addresses should be expressed in dotted decimal 
notation (for example, 10.10.10.1). 


Default Values 





No default value necessary for this command. 


Command History 


Release 9.1 Command was introduced. 


Usage Examples 





The following example publishes DHCP options to the client: 


(config)#ip dhcp pool MyPool 
(config-dhcp)#option 100 ascii ascii_value 
(config-dhcp)#option 101 hex AB458E80 
(config-dhcp)#option 102 ip 192.168.1.1 
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tftp-server <name> 


Use the tftp-server command to specify the IP address or DNS name of the TFTP server published to the 
client. Use the no form of this command to remove a defined TFTP server. 


Syntax Description 


<name> Specifies the DNS name or dotted notation IP address of the server. 


Default Values 





By default, no TFTP server is defined. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example specifies the IP address of the TFTP server: 
(config)#ip dhcp pool MyPool 

(config-dhcp)#tftp-server 192.168.1.1 

The following example specifies the DNS name of the TFTP server: 


(config)#ip dhcp pool MyPool 
(config-dhcp)#tftp-server MyServer.adtran.com 
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timezone-offset <value> 


Use the timezone-offset command to specify the timezone adjustment (in hours) published to the client. 
Use the no form of this command to remove a timezone offset. 


Syntax Description 


<value> Specifies the timezone adjustment (in hours) published to the client. Use an 
integer from -12 to 12 hours. 


Default Values 





No default value necessary for this command. 


Command History 





Release 9.1 Command was introduced. 


Usage Examples 





The following example sets the timezone adjustment for the client to -3 hours. For example, if the server 
time is configured for Eastern time and the client is configured for Pacific time, you can set the client 
timezone adjustment to -3 hours: 


(config)#ip dhcp pool MyPool 
(config-dhcp)#timezone-offset -3 
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vrf <name> 


Use the vrf <name> command to associate a Dynamic Host Configuration Protocol (DHCP) address pool 
with a specific VPN routing and forwarding (VRF) instance. An address pool can only be assigned to one 
VRF, but a VRF can have multiple address pools providing addresses for it. Use the no form of the 
command to remove the association with the named VRF instance and assign the address pool to the 
default (unnamed) VRF. 





previously configured settings for the address pool. 


Keep in mind that associating a DHCP address pool with a nondefault VRF will clear all 
UT! 





Syntax Description 


<name> Specifies the name of the VRF to associate with the DHCP address pool. 


Default Values 





By default, DHCP address pools are associated with the default unnamed VRF. 


Command History 





Release 17.1 Command was introduced. 


Functional Notes 





VRF instances must be created first before a DHCP address pool can be assigned. An address pool can 
only be assigned to one VRF but multiple address pools can be assigned to the same VFF. 


VPN routing and forwarding (VRF) on AOS products allows a single physical router to be partitioned into 
multiple virtual routers. Each router instance has its own route table and interface assignments. Beginning 
with Release 16.1, all AOS routers supporting multiple VRF instances (multi-VRF) have an unnamed 
default VRF instance regardless of whether multi-VRF is configured. Therefore, executing the above 
mentioned commands without specifying a VRF will only affect the default unnamed VFF. 


Usage Examples 





The following example creates a DHCP address pool named PRIVATE and assigns it to the VRF instance 
named RED: 


(config)#ip dhcp-server pool PRIVATE 
(config-dhcp)#vrf RED 

WARNING!!! All settings for this pool have been removed 
(config-dhcp)#network 10.22.199.0 255.255.255.0 
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MAIL AGENT CONFIGURATION COMMAND SET 


The mail agent feature of ADTRAN Operating System (AOS) provides a method of adding email 
notification to any AOS feature. The mail agent is configured through the command line interface (CLI) 
and operates with any AOS feature that has configuration or show commands. The mail agent captures 
output from specified commands and emails them to a specified address in the body of an email message. 
Email messages are created when a specified event occurs, and are mailed on a specified schedule. 
Multiple mail agents can be configured and used at one time. For more information about the creation of 
mail agents and their capabilities, refer to the Generic Mail Agent Quick Configuration Guide located on 
the AOS Documentation CD shipped with your unit or online at www.adtran.com. 


To activate the Mail Agent Configuration mode, enter the mail-client command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#mail-client myagent 
(config-mail-client-myagent)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


address on page 2563 

body size <bytes> on page 2564 

capture commands on page 2565 

capture header on page 2566 

capture trigger on page 2567 

send test on page 2569 

send trigger on page 2570 

server <dns-name/ip address> on page 2571 
subject <text> on page 2572 
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address 


Use the address command to specify the CC, From, and To fields in the email messages. Use the no form 
of these commands to remove the specified information from the email header. Variations of this 
command include: 


address cc <email address(es)> 
address from <email address(es)> 
address to <email address> 


Syntax Description 





cc <email address(es)> Specifies the CC field in the email message. Multiple email addresses are 
separated by semicolons. 


from <email address(es)> Specifies the From field in the email message. Multiple email addresses are 
separated by semicolons. 


to <email address> Specifies the To field in the email message. 


Default Values 





By default, the CC value is empty. The To default value is set by the logging email address-list command 
(logging email address-list <email address> ; <email address> on page 848), and the From default value is 
set by the logging email sender command (logging email sender on page 854). 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





The address to command uses a default value from the logging email address-list command (/ogging 
email address-list <email address> ; <email address> on page 848). lf the logging email address-list 
command has been configured, and the mail agent notification will go to the same email, using the 
address to command is not necessary. 


Usage Examples 





The following example configures the CC, From, and To fields in the email notification sent by mail agent 
myagent: 


config)#mail-client myagent 

config-mail-client-myagent)#address to manager@company.net 

config-mail-client-myagent)#address cc fellowemployee@company.net; assistntmngr@company.net 
config-mail-client-myagent)#address from goodemployee@company.net 


aon aN 
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body size <bytes> 


Use the body size command to set the maximum buffer size for the body text of the email message. Use 
the no form of this command to return to the default value. 


Syntax Description 


<bytes> Specifies the maximum number of bytes the buffer holds. Range is 1 to 
65,535 bytes. 


Default Values 





By default, the buffer size is set to 4048 bytes. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





All output generated after the buffer size has been reached will be ignored. 


Usage Examples 





The following example sets the body text buffer size to 6000 bytes for mail agent myagent: 


(config)#mail-agent myagent 
(config-mail-agent-myagent)#body size 6000 
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capture commands 


Use the capture commands command to specify the command output to capture and include in the body 
of the email. Use the no form of this command to remove the specified commands. 


Syntax Description 


No subcommanads. 


Default Values 





By default, no commands are specified. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





The capture commands command specifies the command output to be captured by the mail agent. Show 
and tcl commands can be captured. When the capture commands command is entered, each command 
to be captured is specified with the do keyword followed by the command. The terminal configuration 
mode is enabled by default for the capture commands command, making it necessary to use the keyword 
do. List all commands to be sent in a single notification, followed by the exit keyword. 


Usage Examples 





The following example specifies that the mail agent myagent will capture the output from the show ip 
route and show clock commands: 


(config)#mail-client myagent 
(config-mail-client-myagent)#capture commands 

Enter the commands you wish to run, one line at a time. 
Entries are run from the terminal configuration prompt. 
For example, you must enter ‘do show run’ or ‘int eth 0/1’. 
When finished, type ‘exit’ on a new line to end. 

#do show ip route 

#do show clock 

#exit 

(config-mail-client-myagent)# 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2565 


Command Reference Guide Mail Agent Configuration Command Set 





capture header 
Use the capture header command to specify that header information (ASCII demarcation and a 


timestamp) is included when command output is captured. Use the no form of this command to remove the 
header information from captured command output. 


Syntax Description 





No subcommanas. 


Default Values 





By default, header information is included in captured command output. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example removes header information from the captured command output for mail agent 
myagent: 


(config)#mail-client myagent 
(config-mail-client-myagent)#no capture header 
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capture trigger 


Use the capture trigger command to configure the trigger that causes the mail agent to capture the 
command output. Use the no form of this command to remove the trigger. Variations of this command 
include: 


capture trigger 
capture trigger track <name> fail 
capture trigger track <name> pass 


Syntax Description 





track <name> fail Optional. Specifies the command output is captured when the named track 
changes from a pass state to a fail state. 


track <name> pass Optional. Specifies the command output is captured when the named track 
changes from a fail state to a pass state. 


Default Values 





By default, no tracks are configured and no trigger is defined. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





If no trigger is specified, the mail agent will immediately run the specified commands and capture their 
output. If a track is specified as the capture trigger, the command output will be captured every time the 
track switches to the specified state. The track used should be a preconfigured track with an associated 
schedule. The track will change states when its associated schedule becomes active or inactive. For more 
information on schedules, refer to schedule <name> on page 905. For more information on tracks, refer to 
the Network Monitor Track Configuration Command Set on page 2185 of this guide. For more information 
on the functions of tracks and schedules as part of the mail agent feature, refer to the Generic Mail Agent 
Quick Configuration Guide located on the AOS Documentation CD shipped with your AOS product, or 
online at www.adtran.com. 


The send trigger command (send trigger on page 2570) can be used without the capture trigger 
command. If only the send trigger command is used, the send trigger command will function as the 
capture trigger command and immediately capture the command output and send an email of the 
captured output. If both commands are used, the command output is captured at the time the capture 
trigger occurs, and then an email is sent at the time the send trigger occurs. 
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Usage Examples 





The following example specifies that when the track mail changes to a pass state, the mail agent 
myagent will capture command output: 


(config)#mail-client myagent 
(config-mail-client-myagent)#capture trigger track mail pass 
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send test 
Use the send test command to have the mail agent send a test email message to the email address(es) 


specified by the address to command (on page 2563) or the logging email address-list command (on page 
848). 


Syntax Description 





No subcommanas. 


Default Values 





By default, the test email is sent using your Simple Mail Transfer Protocol (SMTP) settings even if the mail 
client is currently shut down. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





The command appends “This is a test message” onto the current message buffer and sends an email to 
the configured addresses. This command is used to test that the agent is sending emails to the proper 
addresses. 


Usage Examples 





The following example instructs mail agent myagent to send a test email to the previously configured 
email addresses: 


(config)#mail-client myagent 
(config-mail-client-myagent)#send test 
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send trigger 


Use the send trigger command to configure when an email with command output is sent to the email 
address(es) specified by the address to command (on page 2563) or the logging email address-list 
command (on page 848). Use the no form of the command to remove the configuration. Variations of this 
command include: 


send trigger 
send trigger track <name> fail 
send trigger track <name> pass 


Syntax Description 





track <name> fail Optional. Specifies the email message is sent when the named track 
changes from a pass state to a fail state. 


track <name> pass Optional. Specifies the email message is sent when the named track 
changes from a fail state to a pass state. 


Default Values 





By default, no email is sent. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





If no trigger is specified, the mail agent will immediately send the email. If a track is specified as the send 
trigger, the email will be sent every time the track switches to the specified state. The track used should be 
a preconfigured track with an associated schedule. The track will change states when its associated 
schedule becomes active or inactive. For more information on schedules, refer to the schedule command 
on page 905. For more information on tracks, refer to the Network Monitor Track Configuration Command 
Set on page 2185 of this guide. For more information on the functions of tracks and schedules as part of 
the mail agent feature, refer to the Generic Mail Agent Quick Configuration Guide located on the AOS 
Documentation CD shipped with your AOS product, or online at www.adtran.com. 


The send trigger command can be used without the capture trigger command (on page 2567). If only the 
send trigger command is used, the send trigger command will function as the capture trigger command 
and immediately capture the command output and send an email of the captured output. If both commands 
are used, the command output is captured at the time the capture trigger occurs, and then an email is sent 
at the time the send trigger occurs. 


Usage Examples 





The following example specifies when the track named sendmail changes to a fail state, mail agent 
myagent will send an email with captured command output: 


(config)#mail-client myagent 
(config-mail-client-myagent)#send trigger track sendmail fail 
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server <dns-name/ip address> 


Use the server command to specify the Simple Mail Transfer Protocol (SMTP) server for sending mail 
agent notifications. Use the no form of this command to return the server setup to the default value. 


Syntax Description 


<dns-name> Specifies the domain name server (DNS) name of the SMTP server. 


<ijp address> Specifies the IP address of the SMTP server. IP addresses are expressed in 
dotted decimal notation (for example, 10.10.10.1). 


Default Values 





By default, the SMTP server is set to the value defined by the logging email receiver-ip command (on 
page 853). 


Command History 


Release 17.2 Command was introduced. 


Usage Examples 





The following example specifies that mail agent myagent use the SMTP server at IP address 172.5.67.99 
to send email messages: 


(config)#mail-client myagent 
(config-mail-client-myagent)#server 172.5.67.99 
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subject <text> 


Use the subject command to specify the Subject field in the mail agent email message. Use the no form of 
this command to clear the Subject field. 


Syntax Description 


<text> Specifies the text of the subject field. 


Default Values 





By default, this field is empty. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 





The following example specifies a Subject of report1 for the email message sent my mail agent myagent: 


(config)#mail-client myagent 
(config-mail-client-myagent)#subject report1 
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QUALITY OF SERVICE MAP COMMAND SET 


A quality of service (QoS) policy is defined using a QoS map in the ADTRAN Operating System (AOS) 
command line interface (CLI). The QoS map is a named list with sequenced entries. An entry contains a 
single match reference and one or more actions. To activate the QoS Command Set (which allows you to 
create and/or edit a map), enter a valid version of the qos map command at the Global Configuration mode 
prompt. Multiple map entries for the same QoS map are differentiated by a sequence number. The 
sequence number is used to assign match order. 


Once created, a QoS map must be applied to an interface (using the qos-policy command from the desired 
interface command set) in order to actively process traffic. Any traffic for the interface that does not 
explicitly match a map entry is sent using the default queuing method for the interface (such as weighted 
fair queuing (WFQ)). For example: 


>enable 

#config terminal 

config)#qos map VOICEMAP 10 
config-qos-map)#match precedence 5 
config-qos-map)#priority 512 
config-qos-map)#exit 
config)#interface fr 1 


( 
( 
( 
( 
( 
(config-fr 1)#qos-policy out VOICEMAP 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


bandwidth on page 2574 

match on page 2577 

match dscp on page 2580 

match precedence <value> on page 2554 
priority on page 2586 

qos-policy <map name> on page 2589 
set cos <value> on page 2591 

set dscp on page 2592 

set precedence <value> on page 2594 
shape average on page 2595 
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bandwidth 


Use the bandwidth command to specify bandwidth allocation for individual traffic classes for class-based 
weighted fair queuing (CB WFQ) configurations. Use the no form of this command to remove a configured 
bandwidth allocation. Variations of this command include: 


bandwidth <value> 
bandwidth percent <value> 
bandwidth remaining percent <va/lue> 


Syntax Description 





<value> Allocates the minimum bandwidth for a traffic class, specifying the minimum 
as an absolute bandwidth in kilobits per second. Range is 8 to 
2,000,000 kbps. 


percent <value> Allocates a minimum bandwidth for a traffic class, specifying the minimum 
as a percentage of the total interface bandwidth. Refer to Functional Notes 
below for more details. 

remaining percent <va/ue> Allocates a minimum bandwidth for a traffic class, specifying the minimum 
as a percentage of the total interface bandwidth not allocated to priority 
classes in the quality of service (QoS) map. Refer to Functional Notes 
below for more details. 


Default Values 





By default, there is no bandwidth allocation configured for a QoS map entry. 


Functional Notes 





When configuring bandwidth allocations for CBWFQ, there are a few rules that must be obeyed. 


1. The units of the bandwidth (kbps, percent, or remaining percent) must be consistent for all class-based 
entries (using the bandwidth command) in a QoS map set. 


2. The total bandwidth between all priority entries and class-based entries (bandwidth) in a QoS map 
set should not be configured beyond the specified max-reserved-bandwidth (default 75 percent) on 
the interface to which the QoS policy is applied (using the qos-policy command), or the map will be 
disabled. Even with the configuration limit, class-based queues can still use more than the 
max-reserved-bandwidth limitation, up to 100 percent of the bandwidth, if enough traffic is present. 
When the configured QoS map is applied to a physical interface, AOS displays bandwidth information 
for the map and the physical interface. For example, the Frame Relay interface (fr 1) has been 
connected to the E1 interface (e1 1/1) using the cross-connect command. Applying the QoS map 
(MyMapA) to the Frame Relay interface (fr 1) produces the following status message: 


2005.08.09 07:28:22 QOS.INTERFACE QOS policy “MyMapA’” requires 1288 kbps of bandwidth and 
1488 kbps is now available for interface fr 1 -> the QOS policy for this port has been forced ACTIVE. 


This status message displays the sum total of the bandwidths specified in the QoS map (1288 kbps) 
and the available interface bandwidth using the total line rate configured on the interface (1488 kbps). 
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3. Up to five class-based entries (bandwidth commands) can be configured in a particular QoS map set. 


4. Within a QoS map entry, CBWFQ bandwidth and low latency priority actions are mutually exclusive. 
However, bandwidth and priority actions may be applied to different entries in the same QoS map. 


Determining Bandwidth Entries 





Wor When possible, use the bandwidth <value> command to specify an absolute amount of 


bandwidth (in kbps) for the traffic class. 





When determining the percent <va/ue> entry, use the following formula: 


Bandwidth 

Line Rate 
where 
Bandwidth Specifies the minimum amount of bandwidth needed for the traffic (in kbps). 
Line Rate Specifies the total data rate configured on the interface (for example, 


8 DSOs (64 kbps per DSO) on a T1 equals a line rate of 512 kbps). 


For example, to specify 80 kbps of data on an interface with a total of 512 kbps of available bandwidth, 
enter the following command: 


(config-qos-map 1)#bandwidth percent 16 


When determining the remaining percent <va/ue> entry, use the following formula: 


Bandwidth 
[(max-reserved-bandwidth) (Line Rate)] - Priority Traffic 
where 
Bandwidth Specifies the minimum amount of bandwidth needed for the traffic (in kbps). 
max-reserved-bandwiath Specifies the percentage of the total line rate available for use by QoS. 
Line Rate Specifies the total data rate configured on the interface (for example, 
8 DSOs (64 kbps per DSO) on a T1 equals a line rate of 512 kbps). 
Priority Traffic Specifies the amount of bandwidth reserved using the priority command. 


For example, to specify 80 kbps of data on an interface with a total of 512 kbps of available bandwidth, 
256 kbps reserved (using the priority command), and reserving 15 percent of the bandwidth for routing 
and L2 protocol traffic (max-reserved-bandwidth = 85) enter the following command: 


(config-qos-map 1)#bandwidth remaining percent 45 
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Usage Examples 





The following example creates a QoS map with four traffic classes (based on IP packet precedence 
values) and allocates bandwidth to each class: 


(config)#qos map MyMap 1 
(config-qos-map)#match precedence 5 
(config-qos-map)#bandwidth percent 25 


(config)#qos map MyMap 2 
(config-qos-map)#match precedence 3 
(config-qos-map)#bandwidth percent 10 


(config)#qos map MyMap 3 
(config-qos-map)#match precedence 2 
(config-qos-map)#bandwidth percent 10 


(config)#qos map MyMap 4 
(config-qos-map)#match precedence 1 
(config-qos-map)#bandwidth percent 15 
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match 


Use the match command to specify which traffic should be processed by this quality of service (QoS) map 
entry. Use the no forms of these commands to discontinue matching. Variations of this command include: 


match any 

match ip rtp <port #> 

match ip rtp <begin port range> <end port range> 
match ip rtp <begin port range> <end port range> all 
match list <name> 

match protocol bridge 

match protocol bridge netbeui 

match vian <i> 


Syntax Description 





all Optional. Specifies matching all User Datagram Protocol 
(UDP) port numbers in the specified range (even and odd). 
Valid only for ip rtp matches. 


any Match all packets within a QoS map entry that were not 
matched in previous map entries. Since map entries are 
processed in the order of their sequence numbers, the match 
any command can be used to process all packets not 
previously matched by a map entry if it is specified as the last 
QoS map entry. 


ip rtp <begin port range> <end port range> Matches RTP packets with even UDP destination port 
numbers in the specified range (between start and end). 


list <name> Specifies the name of the access control list (ACL) you want 
to use to match packets for this QoS map. Refer to jp 
access-list extended <name> on page 673 for more 
information on creating ACLs. 


protocol bridge Matches frames being bridged by the router. 
protocol bridge netbeui Matches only NetBEUI frames being bridged by the router. 
vlan <id> Match packets associated with a particular VLAN. Indicate 


the VLAN ID number between 1 and 4,095. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 
Release 17.2 Command was expanded to include the any and vian <id> 
options. 
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Functional Notes 





QoS policies are configured in the ADTRAN Operating System (AOS) command line interface (CLI) to 
dictate the priority for servicing specified traffic types on a particular interface. QoS policies contain at least 
one match reference (using the match commana) and one or more action items (using the priority, 
bandwidth, or set commands). 


The match command specifies the criteria used when determining whether incoming traffic is a candidate 
for the QoS policy action items. Multiple match statements can exist within the same QoS policy, allowing 
a single QoS policy to service various types of traffic. Since the statements within the same QoS map 
sequence number use OR logic, traffic only needs to match one of the criteria to be processed. 





match statements in a QoS policy can burden the processor. 


Wor Each listed match statement is handled independently by the processor. Entering too many 





For example, consider a network that contains Class A and Class B traffic that each require 25 percent of 
the total allocated interface bandwidth, the following configuration would be appropriate: 


(config)#qos map MyMap 10 
(config-qos-map)#match list Class_A 
(config-qos-map)#bandwidth percent 25 


(config)#qos map MyMap 20 
(config-qos-map)#match list Class_B 
(config-qos-map)#bandwidth percent 25 


In this example, the combination of both classes will not exceed 25 percent of the total allocated interface 
bandwidth. Class A and Class B will share the 25 percent allocation between them: 


(config)#qos map MyMap 10 

(config-qos-map)#match list Class _A 

(config-qos-map)#match list Class_B 

(config-qos-map)#bandwidth percent 25 

To remove a configured match statement, enter the entire match statement with a preceding no. For 
example, to remove the match statements from the above configured QoS map: 


(config)#qos map MyMap 10 
(config-qos-map)#no match list Class _A 
and 


(config)#qos map MyMap 20 
(config-qos-map)#no match list Class _B 
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Usage Examples 





The following example configures QoS for a network with the following needs: 


Reserve 15 percent of the line rate for routing traffic and L2 protocol traffic (max-reserved-bandwidth = 
85) 


Line Rate = 512 kbps 

Guaranteed 256 kbps for Voice 
Guaranteed 96 kbps for Class 1 
Guaranteed 52 kbps for Class 2 


To configure this QoS policy, enter the following QoS map and interface commands: 
1. Allocate LLQ priority voice traffic. 


(config)#qos map MyMap 10 
(config-qos-map)#match list VOICE 
(config-qos-map)#priority 256 


2. Allocate the CBWFQ data traffic bandwidth for Classes 1 and 2. 


(config)#qos map MyMap 20 
(config-qos-map)#match list CLASS_1 
(config-qos-map)#bandwidth 96 


(config)#qos map MyMap 30 
(config-qos-map)#match list CLASS 2 
(config-qos-map)#bandwidth 52 


3. Specify the reserved bandwidth and apply the map. 


(config-fr 1)#max-reserved-bandwidth 85 
(config-fr 1)#qos-policy out MyMap 
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match dscp 


Use the match dscp command to specify which traffic should be processed by this QoS map based on the 
Differentiated Services Code Point (DSCP) value in the IP header of the packet. Up to eight dscp values or 
identifiers may be specified in a match dscp command. Use the no form of this command to discontinue 
matching. Variations of this command include: 


match dscp <value> 
match dscp <value> afxx 
match dscp <va/lue>csx 
match dscp afxx 

match dscp csx 

match dscp default 
match dscp ef 


Syntax Description 





<value> Specifies the DSCP numeric value. Valid range is 0 to 63. 


af xx Specifies the assured forwarding (AF) class and subclass. Select from: 
11 (001010), 12 (001100), 13 (001110), 21 (010010), 22 (010100), 
23 (010110), 31 (011010), 32 (011100), 33 (011110), 41 (100010), 
42 (100100), or 43 (100110). Up to 8 DSCP values or identifiers may be 


specified. 

csx Specifies the class selector (CS) value. Valid range is 1 to 7. Up to 8 DSCP 
values or identifiers may be specified. 

default Specifies the default IP DSCP value (000000). 

ef Specifies marking for expedited forwarding (EF). 


Default Values 





No default value is necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example instructs the QOS map named MyMap to match the IP header with a DSCP AF 
Class 1, Subclass 2 (af12): 


(config)#qos map MyMap 20 
(config-qos-map)#match ip dscp af12 
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Technology Review 


The DSCP model was created in RFC 2474 and 2475 to build on the original type of service (ToS) field by 
creating a six-bit sequence (combining the precedence value with the delay, throughput, and reliability 
bits). This six-bit sequence increased the number of available values from 8 to 64. The DiffServe model 
introduced a new concept to QoS in the IP network environment: per-hop behaviors (PHBs). The PHB 
premise is that equipment using the DiffServe model have an agreed upon set of rules (PHB types) for 
handling certain network traffic. Though the RFC explicitly defines what each PHB should be capable of, it 
does not restrict vendor-specific implementation of the PHBs. Each vendor is free to decide how their 
network product implements the various defined PHBs. 





According to RFC2474, the DS field contains the following bits: 


0 1 2 3 4 5 6 7 



































| | 
Differentiated Services Code Point Unused* 





*The previously unused bits in the DS field are now used for congestion control and are not discussed in this document. 


Equipment following the DiffServe model (DSCP-compliant nodes) must use the entire six-bit DSCP value 
to determine the appropriate PHB. The PHBs are defined as the following: 


* Default PHB 

* Class selector PHB 

« Assured forwarding PHB (RFC 2597) 

* Expedited forwarding PHB (RFC 2598) 


Default PHB 


All DSCP-compliant nodes must provide a default PHB to offer best-effort forwarding service. For default 
PHBs, the DSCP value is 0. Any packet that does not contain a standardized DSCP should be mapped to 
the default PHB and handled accordingly. 


Class Selector PHB 


In the class selector PHB, the first three bits in the DSCP value are used for backwards compatibility to 
systems implementing IP precedence. In this scenario, all but the first three bits of the DS field are set to 0. 
This compatibility requires DSCP-compliant nodes to provide the same data services as are provided by 
nodes implementing IP precedence. The following table is a comparison of IP precedence values to their 
corresponding DSCP values. 














IP Precedence DSCP Value (bits) 
Value (bits) 
0 (000) 0 (000000) 
1 (001) 8 (001000) 
2 (010) 16 (010000) 
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Assured Forwarding PHB 





011000 





100000 








110000 











24 ( ) 
32 ( ) 
40 (101000) 
48 ( ) 
56 ( ) 





111000 





The flexibility of DiffServe allows for more developed subclasses of service within each main class using 
the last three bits of the DSCP. As defined in RFC 2597, the assured forwarding PHB creates four main 


classes of service: 


























Class DSCP Bits 
AF1 001XX0 
AF2 010XX0 
AF3 011XX0 
AF4 100XX0 

X indicates a do not care value. 








The first three bits of the DSCP specify the class and the last bit is always zero. Each class is separated 

into subclasses using the two remaining bits in the DSCP (bits 3 and 4). The subclasses are divided based 
on the likelinood that packets in the class are dropped in the event of network congestion. The higher the 
value for bits 3 and 4, the greater the likelihood that the packets will be dropped. 

















Bit 3 Bit 4 Drop Precedence 
0 1 Low 
1 0 Medium 
1 1 High 
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The following table lists the assured forwarding PHB subclasses and their corresponding DSCP bits and 


values. 


Expedited Forwarding PHB 












































Class Subclass DSCP Bits DSCP Value 
AF1 1 001010 10 
2 001100 12 
3 001110 14 
AF2 1 010010 18 
2 010100 20 
3 010110 22 
AF3 1 011010 26 
2 011100 28 
3 011110 30 
AF4 1 100010 34 
2 100100 36 
100110 38 

















RFC 2598 created a new DiffServe PHB intended to provide the best service possible on an IP network. 


Packets using the expedited forwarding PHB markings should provide service to reduce latency, jitter, 


dropped packets, and be guaranteed bandwidth during the entire end-to-end transmission journey through 


the network. The DSCP value for the expedited forwarding PHB is 46 (DSCP bits are 101110). 
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match precedence <va/ue> 


Use the match precedence command to configure the quality of service (QoS) match maps based on the 
precedence value in the IP header of the packet. Use the no form of this command to discontinue matching. 


Syntax Description 


<value> Specifies matching the IP precedence (in numeric value). Valid range is 
0 to 7 in ascending order of importance. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example instructs the QOS map named MyMap to match the IP precedence value of 5: 


(config)#qos map MyMap 20 
(config-qos-map)#match ip precedence 5 


Technology Review 





RFC 791 created a single octet (labeled type of service) to help with the difficulty of trying to provide QoS 
handling in IP networks. 


According to RFC 791, the Type of Service field contains the following bits: 



































Precedence _!| Unused 
Delay Reliability 


Throughput 
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The three-bit IP precedence values (0 through 7) are specified as: 


111 Network Control Packets 
110 Internetwork Control Packets 
101 Critical Traffic 

100 Flash Override 

011 Flash 

010 Immediate Servicing 

001 Priority Traffic 

000 Routine Data 


The IP precedence values provide network routers with information about what kind of traffic is contained 
in the IP packet. Based on the IP precedence values, some networks (when supported) can offer special 
handling to certain packets. In addition, providing IP precedence values to critical traffic (such as route 
information) ensures that critical packets will always be delivered regardless of network congestion. This 
traffic is often critical to network and internetwork operation. In general, the higher the IP precedence 
value, the more important the traffic and the better handling it should receive in the network. It is important 
to remember that not all equipment in the public IP network will be configured to recognize and handle IP 
precedence values. While it is a good idea to set the values for critical traffic, it does not guarantee special 
handling. 


In addition to the precedence values, RFC 791 specifies bits for delay, throughput, and reliability to help 
balance the needs of particular traffic types when traveling on the IP network infrastructure. When these 
bits are set to 0, they are handled with normal operation. When set to 1, each bit specifies premium 
handling for that parameter. For example, a 1 in the delay position indicates that the traffic is delay 
sensitive and care should be taken to minimize delay. A 1 in the throughput position indicates that the 
traffic has higher bandwidth requirements that should be met. A 1 in the reliability position indicates that 
the traffic is sensitive to delivery issues and care should be taken to ensure proper delivery with all packets 
of this type. These extra bits are rarely used because they are quite difficult to balance the cost and 
benefits of each parameter (especially when more than one bit is set to 1). 
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priority 


Use the priority command to specify a high-priority queue, prioritizing this traffic above all others. If no 
traffic is present in any other queue, priority traffic is allowed to burst up to the interface rate; otherwise, 
priority traffic above the specified bandwidth is dropped. Use the no form of this command to disable this 
feature. Variations of this command include: 


priority <bandwidth> 

priority <bandwidth> <burst> 
priority percent <value> 
priority percent <va/lue> <burst> 
priority unlimited 


Wor The priority command cannot be specified in conjunction with the shape average 


command in a QoS entry. 





Syntax Description 





<bandwidth> Specifies a low latency queue, prioritizing this traffic above all other user 
traffic in kilobits per second. Range is 8 to 1,000,000. If no traffic is present 
in any other queue, priority traffic is allowed to burst up to the interface rate. 
Otherwise, priority traffic above the specified bandwidth will be dropped. 


<burst> Optional. Specifies the maximum burst size (in bytes) for traffic in this 
priority queue. This parameter should be left unconfigured for optimal 
performance. Range for bandwidth burst is 32 to 1,000,000. Range for 
percentage burst is 32 to 2,000,000. 


percent <value> Allocates a maximum bandwidth for a traffic class, specifying the maximum 
as a percentage of the total interface bandwidth. This command is 
especially useful for protecting bandwidth allocation in multilink 
applications. Percentage range is 1 to 100 percent. Refer to Functional 
Notes for more details. 

unlimited Optional. Specifies no limits on the priority queue bandwidth. Use of this 
feature could potentially use all of the available bandwidth on the interface, 
even when the max-reserved-bandwidth command is not set to 100%. 





from being processed. A network outage could occur when excessive priority traffic is 
present and consumes all of the available bandwidth on the interface. 


Use the priority unlimited command with caution as it could prevent vital Layer 2 traffic 
don 





Default Values 





No default value is necessary for this command. 
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Command History 





Release 6.1 Command was introduced. 


Functional Notes 





The priority queue is intended for constant bit rate traffic, such as voice due to the rate limiting. 
Nonconstant bit rate data traffic does not usually respond well to rate limiting in a priority queue. Important 
data traffic should typically use the class-based queue bandwidth command (on page 2574) instead. The 
sum of the bandwidths reserved by priority commands for all entries of a QoS map cannot exceed the 
max-reserved-bandwidth rate specified for the interfaces to which the map is applied. Priority bandwidth 
is guaranteed maximum bandwidth (in kbps). 


Determining Bandwidth Entries 





When possible, use the priority <bandwidth> command to specify an absolute amount of 
‘ore bandwidth (in kbps) for the priority queue. 


When determining the priority percent <va/ue> entry, use the following formula: 


Bandwidth 

Line Rate 
where 
Bandwidth Specifies the minimum amount of bandwidth needed for the traffic (in kbps). 
Line Rate Specifies the total data rate configured on the interface (for example, 


8 DSOs (64 kbps per DSO) on a T1 equals a line rate of 512 kbps). 


For example, to specify 80 kbps of data on an interface with a total of 512 kbps of available bandwidth, 
enter the following command: 


(config-qos-map 1)#priority percent 16 


Usage Examples 





The following example configures QoS for a network with the following needs: 


Reserve 15 percent of the line rate for routing traffic and L2 protocol traffic (max-reserved-bandwidth = 
85). 


Line Rate = 512 kbps 

Guaranteed 256 kbps for Voice 
Guaranteed 96 kbps for Class 1 
Guaranteed 52 kbps for Class 2 


To configure this QoS policy, enter the following QoS map and interface commands: 


1. Allocate LLQ Priority voice traffic. 





60000CRGD-35A Copyright © 2008 ADTRAN, Inc. 2587 


Command Reference Guide Quality of Service Map Command Set 





(config)#qos map MyMap 10 
(config-qos-map)#match list VOICE 
(config-qos-map)#priority 256 


2. Allocate the class-based weighted fair queuing (CBWFQ) data traffic bandwidth for Classes 1 and 2. 


(config)#qos map MyMap 20 
(config-qos-map)#match list CLASS_1 
(config-qos-map)#bandwidth 96 


(config)#qos map MyMap 30 
(config-qos-map)#match list CLASS _ 2 
(config-qos-map)#bandwidth 52 


3. Specify the reserved bandwidth and apply the map. 


(config-fr 1)#max-reserved-bandwidth 85 
(config-fr 1)#qos-policy out MyMap 
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qos-policy <map name> 


Use the qos-policy command within a parent map to divide a quality of service (QoS) policy map into 
more specific subclasses. Use the no form of this command to remove the subclass and policy mapping 
attributes of the parent map. 





Wo Use of the qos-policy command to configure child maps within a parent map is only 


supported on maps applied to Ethernet interfaces. 





Syntax Description 





<map name> Specifies the QoS map name. 


Default Values 


No default value is necessary for this command. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 


The qos-policy command has two functions in the ADTRAN Operating System (AOS) command line 
interface (CLI). In the application described here, it is used to further subdivide a class into more specific 
subclasses. From the interface configuration command set, it is used to apply a QoS map to the interface. 
Refer to gos-policy on page 1169 in the Ethernet Interface Configuration Command Set for more 
information on using the qos-policy command in the interface configuration command set. 


When subdividing a QoS policy map, the most specific (or child map) QoS map should be created first and 
then the map is referenced using the qos-policy command within the QoS map entry of the base map that 
is being subdivided. The base (or parent map) is applied to the interface using the qos-policy out 
command (refer to page 1169). 


Only two levels of maps are allowed, meaning child maps (or subclasses) cannot have additional child 
maps beneath them. A child map cannot reference another child map. If the child map referenced by this 
command is deleted, then the qos-policy command is also deleted from the parent map. 


Usage Examples 





For example, the following configuration uses the ShapeEVCs QoS map to constrain each VLAN’s traffic 
to specific rates. The VLAN 2 traffic that is put into the shaping queue is broken up into class-based 
queuing (CBQ) or low latency queuing (LLQ) subclasses using the classQueues QoS map. Traffic not 
matching a QoS map entry is treated as best effort, and is dynamically assigned to a best effort weighted 
fair queue (WFQ). 


(config)#qos map classQueues 10 
(config-qos-map)#match dscp ef 
(config-qos-map)#priority 200 
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(config-qos-map)#qos map classQueues 20 
(config-qos-map)#match dscp af31 af32 af33 
(config-qos-map)#bandwidth 500 ! class based rate in Kbps 


config-qos-map)#qos map ShapeEVCs 10 
config-qos-map)#match vlan 2 

config-qos-map)#shape average 1000000 ! vian2Rate in bps 
config-qos-map)#qos-policy classQueues 


(config-qos-map)#qos map ShapeEVCs 20 
(config-qos-map)#match vlan 3 
(config-qos-map)#shape average 2000000 ! vian3Rate 


(config-qos-map)#interface eth 0/1 
(config-eth 0/1)#encapsulation 802.1q 
(config-eth 0/1)#qos-policy out ShapeEVCs 


config-eth 0/1)#interface eth 0/1.2 
config-eth 0/1.2)#vlan-id 2 
config-eth 0/1.2)#interface eth 0/1.3 
config-eth 0/1.3)#vlan-id 3 


an aN 
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set cos <value> 


Use the set cos command to modify the Layer 2 class of service (CoS) value (on matching packets) to the 
specified value. Use the no form of this command to discontinue the action from the quality of service 
(QoS) policy map. 


Syntax Description 





<value> Specifies the CoS numeric value. Valid range is 0 to 7. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 





QoS policies are configured in the ADTRAN Operating System (AOS) command line interface (CLI) to 
dictate the priority for servicing specified traffic types on a particular interface. QoS policies contain at least 
one match reference (using the match command) and one or more action items (using the priority, 
bandwidth, shape, or set commands). 


The set cos command can be used to change the Ethernet 802.1p priority field for traffic serviced by the 
QoS policy. Every 802.1q tagged Ethernet frame contains a 3-bit CoS field used for marking data types 
requiring special handling when traveling through the network. 


Usage Examples 





The following example sets the CoS value, for all matching traffic within the specified QoS map entry, to 1: 
(config)#qos map VOICEMAP 10 

(config-qos-map)#set cos 1 

The following example removes all CoS value change requests from the QoS map entry: 


(config)#qos map VOICEMAP 10 
(config-qos-map)#no set cos 
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set dscp 


Use the set dscp command to modify the differentiated services code point (DSCP) field (on matching 
packets) to the specified value. For more details on determining the DSCP field, refer to the Technology 
Review section of the command match dscp on page 2580. Use the no form of this command to remove a 
specified DSCP value. Variations of this command include: 


set dscp <value> 
set dscp afxx 
set dscp csx 

set dscp default 
set dscp ef 


Syntax Description 





<value> Specifies the DSCP numeric value. Valid range is 0 to 63. 


af xx Specifies the assured forwarding (AF) class and subclass. Select from: 
11 (001010), 12 (001100), 13 (001110), 21 (010010), 22 (010100), 
23 (010110), 31 (011010), 32 (011100), 33 (011110), 41 (100010), 
42 (100100), or 43 (100110). 


csx Specifies the class selector (CS) value. Valid range is 1 to 7. 
default Specifies the default IP DSCP value (000000). 
ef Specifies marking for expedited forwarding (EF). 


Default Values 


No default value is necessary for this command. 


Command History 





Release 6.1 Command was introduced. 


Functional Notes 





QoS policies are configured in the ADTRAN Operating System (AOS) command line interface (CLI) to 
dictate the priority for servicing specified traffic types on a particular interface. QoS policies contain at least 
one match reference (using the match command) and one or more action items (using the priority, 
bandwidth, shape, or set commands). 


The set dscp command can be used to change the differentiated services (DS) field for incoming traffic 
serviced by the quality of service (QoS) policy. Every IPv4 header contains an 8-bit type of service (ToS) 
field used for marking data types requiring special handling when traveling through the network. Originally 
this ToS field was used for IP precedence markings (using only the first three bits of the 8-bit field), and 
was later revised in RFC 2474 to create the 6-bit DS field (reserving the last two bits of the field for future 
use). The DS field can be manipulated to indicate higher or lower traffic priority using decimal values 
between 0 and 63. 
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Usage Examples 





This command sets the DSCP value, for all matching traffic within the specified QoS map entry, to 46: 


(config)#qos map VOICEMAP 10 
(config-qos-map)#set dscp 46 
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set precedence <value> 


Use the set precedence command to modify the IP precedence value (on matching packets) in the IP 
header to the specified value. For more details on IP precedence, refer to the Technology Review section of 
the command match precedence <value> on page 2584. Use the no form of this command to discontinue 
the action from the quality of service (QoS) policy map. 


Syntax Description 





<value> Specifies the IP precedence numeric value. Valid range is 0 to 7 in 
ascending order of importance. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 17.2 Command was introduced. 


Usage Examples 


The following example sets the precedence value, for all matching traffic within the specified QOS map 
entry, to 1: 


(config)#qos map VOICEMAP 10 
(config-qos-map)#set precedence 1 


The following example removes all precedence value change requests from the QoS map entry: 


(config)#qos map VOICEMAP 10 
(config-qos-map)#no set precedence 
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shape average 


Use the shape average command to shape the traffic in this class to an average rate. Use the no form of 
this command to disable this feature. Variations of this command include: 


shape average <bandwiadth> 

shape average <bandwidth> count-eth-overhead 

shape average <bandwiath> burst <rate> 

shape average <bandwidth> burst <rate> count-eth-overhead 





applied to Ethernet interfaces. 


or Use of the shape average command is only supported on quality of service (QoS) maps 








The shape average command cannot be specified in conjunction with the priority 
command in a QoS entry. 








Syntax Description 





<bandwidth> Specifies an average bandwidth in bits per second. Range is 8192 to 
1,000,000,000 bps. 
burst <rate> Optional. Specifies the maximum burst rate (in bytes) for traffic in this QoS 


map entry. This parameter should be left unconfigured for optimal 
performance. Range is 1600 to 6,250,000 bytes. 


count-eth-overhead Optional. Indicates to include the Ethernet header overhead bytes when 
determining packet size. 


Default Values 





No default value is necessary for this command. 


Command History 





Release 17.2 Command was introduced. 


Functional Notes 


Traffic shaping allows the traffic to be smoothed in order to maintain a uniform rate to take full advantage of 
the provided bandwidth. Short bursts of traffic above the configured rate are allowed when there is 
sufficient budget. Traffic outside of the current budget is put into a shaping queue and transmitted once the 
budget is available. 
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Usage Examples 





The following example shapes the traffic in this QoS class to an average rate of 2,000,000 bps: 


(config)#qos map VOICEMAP 10 
(config-qos-map)#shape average 2000000 
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RADIUS GROUP COMMAND SET 





To activate the Radius Group Configuration mode, enter the aaa group server command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 

(config)#aaa group server radius myServer 
(config-sg-radius)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

end on page 50 

exit on page 51 

shutdown on page 59 


All other commands for this command set are described in this section in alphabetical order. 


server on page 2598 
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server 


Use the server command to add a predefined RADIUS server to the current named list of servers. Use the 
no form of this command to disable this feature. Refer to radius-server on page 894 for more information. 


Variations of this command include: 


server <number> 
server acct-port <number> 
server auth-port <number> 


Syntax Description 





acct-port <number> Optional. Specifies the accounting port (by number) to add to the list. 
auth-port <number> Optional. Specifies the authorization port (by number) to add to the list. 


Default Values 





No defaults necessary for this command. 


Command History 





Release 5.1 Command was introduced. 


Usage Examples 





The following example adds a server to the myServers list: 


(config)#aaa group server radius myServers 
(config-sg-radius)#server 1.2.3.4 acct-port 786 auth-port 1812 
(config-sg-radius)#server 4.3.2.1 

(config-sg-radius)#exit 

( 


config)#aaa group server radius myServers 
config-sg-radius)#server 4.3.2.1 
config-sg-radius)#exit 

config)# 
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ROUTE MAP CONFIGURATION COMMAND SET 





To activate the Route Map Configuration mode, enter the route-map command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#route-map MyMap permit 100 
(config-route-map)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
description <text> on page 48 
do on page 49 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


match as-path <name> on page 2601 

match community <name> on page 2602 

match ip address <name> on page 2603 

match ip address prefix-list <name> on page 2604 
match ip dscp on page 2605 

match ip precedence on page 2609 

match length <minimum> <maximum> on page 2611 
match metric <value> on page 2612 

match tag <number> on page 2613 

set as-path prepend on page 2614 

set comm-list <name> delete on page 2615 

set community on page 2616 

set default interface on page 2618 

set interface <interface> on page 2619 

set ip default next-hop <interface> on page 2620 
set ip df on page 2621 

set ip dscp on page 2622 

set ip next-hop <ip address> on page 2623 

set ip precedence on page 2624 

set local-preference <value> on page 2625 

set metric <value> on page 2626 
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set metric-type on page 2627 
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match as-path <name> 


Use the match as-path command to configure the route map to route traffic based on the AS path list 
name. Use the no form of this command to discontinue matching. 


Syntax Description 


<name> Specifies the name of the AS path list you want to match. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example instructs the route map named MyMap to match the AS path list named TestPath: 


(config)#route-map MyMap permit 100 
(config-route-map)#match as-path TestPath 
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match community <name> 


Use the match community command to configure the route map to route traffic based on a specified 
community. Use the no form of this command to discontinue matching. Variations of this command 
include: 


match community <name> 
match community <name> exact-match 


Syntax Description 





<name> Specifies the name of the community you want to match. 
exact-match Optional. Specifies that the route map must match the community name 
exactly. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example instructs the route map named MyMap to match the community named 
MyCommunity: 


(config)#route-map MyMap permit 100 
(config-route-map)#match community MyCommunity 
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match ip address <name> 
Use the match ip address command to configure the route map to route traffic based on the access control 


list name defined with the ip access-list command. Refer to ip access-list extended <name> on page 673 
for more information. Use the no form of this command to discontinue matching. 


Syntax Description 





<name> Specifies the name of the access control list to match. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example instructs the route map named MyMap to match the IP address access control list 
named MyList: 


(config)#route-map MyMap permit 100 
(config-route-map)#match ip address MyList 
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match ip address prefix-list <name> 


Use the match ip address prefix-list command to configure the route map to route traffic based on a 
prefix list route filter. The name of the prefix list is defined with the ip prefix-list command. Refer to ip 
prefix-list <name> description < “text” > on page 756 for more information. Use the no form of this 
command to discontinue matching. 


Syntax Description 





<name> Specifies matching the IP address based on the prefix list name. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example instructs the route map named MyMap to match the IP address prefix list named 
MyList: 


(config)#route-map MyMap permit 100 
(config-route-map)#match ip address prefix-list MyList 
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match ip dscp 


Use the match ip dscp command to configure the route map to route traffic based on the Differentiated 
Services Code Point (DSCP) value in the IP header of the packet. Use the no form of this command to 
discontinue matching. Variations of this command include: 


match ip dscp <value> 
match ip dscp afxx 
match ip dscp csx 
match ip dscp default 
match ip dscp ef 


Syntax Description 





<value> Specifies the DSCP numeric value. Valid range is 0 to 63. 


afxx Specifies the assured forwarding (AF) class and subclass. Select from: 11 
(001010), 12 (001100), 13 (001110), 21 (010010), 22 (010100), 
23 (010110), 31 (011010), 32 (011100), 33 (011110), 41 (100010), 
42 (100100), or 43 (100110). 


csx Specifies the class selector (CS) value. Valid range is 1 to 7. 
default Specifies the default IP DSCP value (000000). 
ef Specifies marking for expedited forwarding (EF). 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 


The Differentiated Services (DiffServ or DS) model was created in RFC 2474 and 2475 to build on the 
original Type of Service field by creating a six-bit sequence (combining the precedence value with the 
delay, throughput, and reliability bits). This six-bit sequence increased the number of available values from 
8 to 64. The DiffServ model introduced a new concept to QoS in the IP network environment: per-hop 
behaviors (PHBs). The PHB premise is that pieces equipment using the DiffServ model have an agreed 
upon set of rules (PHB types) for handling certain network traffic. Though the RFC explicitly defines what 
each PHB should be capable of, it does not restrict vendor-specific implementation of the PHBs. Each 
vendor is free to decide how their network product implements the various defined PHBs. 
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According to RFC 2474, the DS field contains the following bits: 
0 1 2 3 4 5 6 7 






































| | | | 
Differentiated Service Code Point Unused* 


* The previously unused bits in the DS field are now used for congestion control and are not discussed in this document. 


Equipment following the DiffServ model (DS-compliant nodes) must use the entire six-bit DSCP value to 
determine the appropriate PHB. The PHBs are defined as the following: 


« Default PHB 

* Class Selector PHB 

* Assured Forwarding PHB (RFC 2597) 

* Expedited Forwarding PHB (RFC 2598) 


Default PHB 


All DS-compliant nodes must provide a Default PHB to offer best-effort forwarding service. For Default 
PHBs, the DSCP value is 0. Any packet that does not contain a standardized DSCP should be mapped to 
the Default PHB and handled accordingly. 


Class Selector PHB 


In the Class Selector PHB, the first three bits in the DSCP value are used for backwards compatibility to 
systems implementing IP precedence. In this scenario, all but the first three bits of the DS field are set to 0. 
This compatibility requires DS-compliant nodes to provide the same data services as are provided by 
nodes implementing IP precedence. The following table is a comparison of IP precedence values to their 
corresponding DSCP values. 





























IP Precedence 
Value (bits) DSCP Value (bits) 
0 (000) 0 (000000) 
1 (001) 8 (001000) 
2 (010) 16 (010000) 
3 (011) 24 (011000) 
4 (100) 32 (100000) 
5 (101) 40 (101000) 
6 (110) 48 (110000) 
7 (111) 56 (111000) 
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Assured Forwarding PHB 


The flexibility of DiffServ allows for more developed subclasses of service within each main class using the 


last three bits of the DSCP. As defined in RFC 2597, the Assured Forwarding PHB creates four main 


classes of service: 

















Class DSCP Bits 
AF1 001XX0 
AF2 010XX0 
AF3 011XX0 
AF4 100XX0 

X indicates a “do not care” value 

















The first three bits of the DSCP specify the class, and the last bit is always zero. Each class is separated 
into subclasses using the two remaining bits in the DSCP (bits 3 and 4). The subclasses are divided based 
on the likelihood that packets in the class are dropped in the event of network congestion. The higher the 


value for bits 3 and 4, the greater the likelinood that the packets will be dropped. 

















Drop 
Bit 3 Bit 4 Precedence 
0 1 Low 
1 0 Medium 
1 1 High 














The following table lists the Assured Forwarding PHB subclasses and their corresponding DSCP bits and 


values. 






































Class Subclass DSCP Bits DSCP Value 
AF1 1 001010 10 
2 001100 12 
3 001110 14 
AF2 1 010010 18 
2 010100 20 
3 010110 22 
AF3 1 011010 26 
2 011100 28 
3 011110 30 
AF4 1 100010 34 
2 100100 36 
3 100110 38 
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Expedited Forwarding PHB 


RFC 2598 created a new DiffServ PHB intended to provide the best service possible on an IP network. 
Packets using the Expedited Forwarding PHB markings should be provided service to reduce latency, jitter, 
and dropped packets, and should be guaranteed bandwidth during the entire end-to-end transmission 
journey through the network. The DSCP value for the Expedited Forwarding PHB is 46 (DSCP bits are 
101110). 


Usage Examples 





The following example instructs the route map named MyMap to match the IP header with a DSCP 
Assured Forwarding Class 1, Subclass 2 (af12): 


(config)#route-map MyMap permit 100 
(config-route-map)#match ip dscp af12 
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match ip precedence 


Use the match ip precedence command to configure the route map to route traffic based on the 
precedence value in the IP header of the packet. Use the no form of this command to discontinue matching. 
Variations of this command include: 


match ip precedence <value> 
match ip precedence critical 

match ip precedence flash 

match ip precedence flash-override 
match ip precedence immediate 
match ip precedence internet 
match ip precedence network 
match ip precedence priority 
match ip precedence routine 


Syntax Description 





<value> Specifies matching the IP precedence (in numeric value). Valid range is 

0 to 7 in ascending order of importance. 
routine Specifies matching the IP precedence routine. (Numeric value of 0.) 
priority Specifies matching the IP precedence priority. (Numeric value of 1.) 
immediate Specifies matching the IP precedence immediate. (Numeric value of 2.) 
flash Specifies matching the IP precedence flash. (Numeric value of 3.) 
flash-override Specifies matching the IP precedence flash-override. (Numeric value of 4.) 
critical Specifies matching the IP precedence critical. (Numeric value of 5.) 
internet Specifies matching the IP precedence internet. (Numeric value of 6.) This 


level is reserved for internal network use. 


network Specifies matching the IP precedence network. (Numeric value of 7.) This 
level is reserved for internal network use. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Functional Notes 





RFC 791 created a single octet (labeled Type of Service) to help with the difficulty of trying to provide QoS 
handling in IP networks. 
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According to RFC 791, the Type of Service field contains the following bits: 
0 1 2 3 4 5 6 7 






































L 
Precedence Unused 


Delay Reliability 
Throughput 


The three-bit IP precedence values (0 through 7) are specified as: 


111 Network Control Packets 
110 Internetwork Control Packets 
101 Critical Traffic 

100 Flash Override 

011 Flash 

010 Immediate Servicing 

001 Priority Traffic 

000 Routine Data 


The IP precedence values provide network routers with information about the kind of traffic contained in 
the IP packet. Based on the IP precedence values, some networks (when supported) can offer special 
handling to certain packets. In addition, providing IP precedence values to critical traffic (such as route 
information) ensures that critical packets will always be delivered regardless of network congestion. This 
traffic is often critical to network and internetwork operation. In general, the higher the IP precedence 
value, the more important the traffic and the better handling it should receive in the network. It is important 
to remember that not all equipment in the public IP network will be configured to recognize and handle IP 
precedence values. While it is a good idea to set the values for critical traffic, it does not guarantee special 
handling. 


In addition to the IP precedence values, RFC 791 specifies bits for delay, throughput, and reliability to help 
balance the needs of particular traffic types when traveling on the IP network infrastructure. When these 
bits are set to 0, they are handled with normal operation. When set to 1, each bit specifies premium 
handling for that parameter. For example, a 1 in the delay position indicates that the traffic is 
delay-sensitive and care should be taken to minimize delay. A 1 in the throughput position indicates that 
the traffic has higher bandwidth requirements that should be met. A 1 in the reliability position indicates 
that the traffic is sensitive to delivery issues and care should be taken to ensure proper delivery with all 
packets of this type. These extra bits are rarely used because it is quite difficult to balance the cost and 
benefits of each parameter (especially when more than one bit is set to 1). 


Usage Examples 


The following example instructs the route map named MyMap to match the IP precedence value of 
critical: 


(config)#route-map MyMap permit 100 
(config-route-map)#match ip precedence critical 
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match length <minimum> <maximum> 


Use the match length command to configure the route map to route traffic based on the packet length. Use 
the no form of this command to discontinue matching. 


Syntax Description 


<minimum> Specifies the minimum packet length you want to match. 
Valid range is 1 to 4,294,967,295.) 
<maximum> Specifies the maximum packet length you want to match. 


Valid range is 1 to 4,294,967,295.) 


Default Values 





No default value necessary for this command. 


Command History 


Release 11.1 Command was introduced. 


Usage Examples 





The following example instructs the route map named MyMap to match packets with a minimum length of 
1 and a maximum length of 200: 


(config)#route-map MyMap permit 100 
(config-route-map)#match length 1 200 
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match metric <value> 


Use the match metric command to configure the route map to route traffic based on a specified metric 
value. Use the no form of this command to discontinue matching. 


Syntax Description 


<value> Specifies the metric value you want to match. Valid range is 1 to 
4,294,967,295. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example instructs the route map named MyMap to match the metric value 100: 


(config)#route-map MyMap permit 100 
(config-route-map)#match metric 100 
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match tag <number> 


Use the match tag command to configure the route map to filter traffic based on a route’s tag value. Use 
the no form of this command to discontinue matching. 


match tag <number> 
match tag <number> <number> 


Syntax Description 





<number> Specifies the desired route tag value to match. If more than one value is 
specified, the match command will pass if any value matches. Valid range is 
1 to 65,535. 


Default Values 


No default value is necessary for this command. 


Command History 





Release 15.1 Command was introduced. 


Functional Notes 


More than one value may be specified as a tag to be matched. 


Usage Examples 





The following example instructs the route map named MyMap to match a route tag of 100 or 200: 


(config)#route-map MyMap permit 1 
(config-route-map)#match tag 100 200 


Technical Review 





The ip route command is related to the match tag command in that it includes an optional parameter to 
set the route tag value for local static routes. 


VPN RRI (Reverse-Route Injection) routes can also have a tag applied. 
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set as-path prepend 


Use the set as-path prepend command to prepend a number to the AS path to influence the best-path 
selection process by making the AS path appear further away. Use the no form of this command to disable 
this feature. Variations of this command include: 


set as-path prepend <number> 
set as-path prepend last-as <number> 


Syntax Description 





prepend <number> Specifies a number to be prepended to the AS path value as an 
autonomous number. Valid range is 1 to 65,535. 


prepend last-as <number> Specifies a number to be prepended to the last AS path number. 
Valid range is 1 to 10. 


Default Values 


No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example prepends the number 2 to the last AS path number: 


(config)#route-map MyMap permit 100 
(config-route-map)#set as-path prepend last-as 2 
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set comm-list <name> delete 


Use the set comm-list delete command to specify a list of communities to delete. Use the no form of this 
command to disable this feature. 


Syntax Description 


<name> Specifies the name of the list of communities to delete. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example deletes the community list named listname: 


(config)#route-map MyMap permit 100 
(config-route-map)#set comm-list listname delete 
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set community 


Use the set community command to modify the community attribute for all paths serviced by the route 
map. Use the no form of this command to disable this feature. Variations of this command include: 


set community <value> 

set community <va/ue> add 

set community <va/ue> internet 

set community <val/ue> local-as 

set community <va/ue> no-advertise 
set community <va/ue> no-export 
set community none 


Syntax Description 





<value> Sets the community attribute to the specified community number for routes 
serviced by this route map. This is a numeric value that can be an integer 
from 1 to 4,294,967,295 or string in the form “aa:nn”, where the value of 
“aa” is the AS number and the value of “nn” is the community number. 
Multiple community-number parameters can be present in the command. 


add Appends the listed community number to the end of the community attribute 
for routes serviced by this route map. 

internet Sets the community attribute to the INTERNET community number for 
routes serviced by this route map. 

local-as Sets the community attribute to the NO_EXPORT_SUBCONFED 


community number for routes serviced by this route map. Routes containing 
this attribute should not be advertised to external BGP peers. 


no-advertise Sets the community attribute to the NO_ADVERTISE community number 
for routes serviced by this route map. Routes containing this attribute 
should not be advertised to any BGP peer. 


no-export Sets the community attribute to the NO_EXPORT community number for 
routes serviced by this route map. Routes containing this attribute should 
not be advertised to BGP peers outside a confederation boundary. 


none Removes all communities from BGP routes serviced by this route map. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 
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Usage Examples 





The following example sets the community number for BGP routes to the Internet community: 


(config)#route-map MyMap permit 100 
(config-route-map)#set community internet 
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set default interface 


Use the set default interface command to specify a default interface to redirect traffic to the specified 
interface if there is no specific routing information for the traffic. If more than one interface is specified, 
the router uses the first available interface from the list. Use the no form of this command to remove the 
default interface. Variations of this command include: 


set default interface <interface> 
set default interface null 0 


Syntax Description 





<interface> Specifies the default interface. Specify an interface in the format <interface 
type [slot/port | slot/port.subinterface id | interface id | interface 
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for a T1 
interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora PPP 
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. 
Type set default interface ? for a list of valid interface types. 


null 0 Redirects traffic to the specified interface regardless of available routing 
information. 


Default Values 


No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 


The following example sets the default interface as ppp 1 interface: 


(config)#route-map MyMap permit 100 
(config-route-map)#set default interface ppp 1 
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set interface <interface> 
Use the set interface command to specify an output interface for the packet. Multiple interfaces can be 


specified. The router forwards the packet along the first usable interface. Use the no form of this command 
to cancel output from the specified interface. 


Syntax Description 





<interface> Sets output interface type for the packet. Specify an interface in the format 
<interface type [slot/port | slot/port.subinterface id | interface id | interface 
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for a T1 
interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora PPP 
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type set interface ? for a 
list of valid interfaces. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the output interface as PPP 1: 


(config)#route-map MyMap permit 100 
(config-route-map)#set interface ppp 1 
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set ip default next-hop </nterface> 
Use the set ip default next-hop command to set the next-hop IP address to the specified interface’ s 


address for all routes serviced by the route map that do no have explicit routing information available. Use 
the no form of this command to remove the configured default next-hop. 


Syntax Description 





<interface> Specifies the default interface. Specify an interface in the format <interface 
type [slot/port | slot/port.subinterface id | interface id | interface 
id.subinterface id | ap | ap/radio | ap/radio.vap]>. For example, for a T1 
interface, use t1 0/1; for an Ethernet subinterface, use eth 0/1.1; fora PPP 
interface, use ppp 1; for an ATM subinterface, use atm 1.1; and fora 
wireless virtual access point, use dot11ap 1/1.1. Type set default 
next-hop ? for a list of valid interface types. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the default next-hop interface to the ppp 1 interface: 


(config)#route-map MyMap permit 100 
(config-route-map)#set ip default next-hop ppp 1 
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set ip df 


Use the set ip df command to identify the packet as “don’t fragment” (DF). Use the no form of this 


command to remove this designation. 


Syntax Description 


No subcommanads. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example designates the packet as “don’t fragment”: 


(config)#route-map MyMap permit 100 
(config-route-map)#set ip df 
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set ip dscp 


Use the set ip dscp command to configure the route map to set the Differentiated Services Code Point 
(DSCP) value in the IP header of the packet for traffic serviced by this route map. For more details on 
DSCP values, refer to the command match ip dscp on page 2605. Use the no form of this command to 
remove the specified DSCP value. Variations of this command include: 


set ip dscp <value> 
set ip dscp afxx 
set ip dscp csx 

set ip dscp default 
set ip dscp ef 


Syntax Description 





<value> Specifies the DSCP numeric value. Valid range is 0 to 63. 


afxx Specifies the assured forwarding (AF) class and subclass. Select from: 11 
(001010), 12 (001100), 13 (001110), 21 (010010), 22 (010100), 
23 (010110), 31 (011010), 32 (011100), 33 (011110), 41 (100010), 
42 (100100), or 43 (100110). 


csx Specifies the class selector (CS) value. Valid range is 1 to 7. 
default Specifies the default IP DSCP value (000000). 
ef Specifies marking for expedited forwarding (EF). 


Default Values 


No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example instructs the route map named MyMap to set the IP header with a DSCP Assured 
Forwarding Class 1, Subclass 2 (af12): 


(config)#route-map MyMap permit 100 
(config-route-map)#set ip dscp af12 
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set ip next-hop </p address> 


Use the set ip next-hop command to set the next-hop IP address to the specified address for all routes 
serviced by the route map. Use the no form of this command to remove the configured next-hop address. 


Syntax Description 


<ijp address> Specifies a valid IP address. IP addresses should be expressed in dotted 
decimal notation (for example, 10.10.10.1). More than one address can be 
entered, and the router uses the first available route from the list. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets the ip next-hop interface to 10.10.11.254 in the header of the route map named 
MyMap: 


(config)#route-map MyMap permit 100 
(config-route-map)#set ip next-hop 10.10.11.254 
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set ip precedence 


Use the set ip precedence command to configure the route map to set the precedence value in the IP 
header of the packet for traffic serviced by the route map. For more details on IP precedence values, refer 
to the command match ip precedence on page 2609. Use the no form of this command to remove the 
specified IP precedence value. Variations of this command include: 


set ip precedence <value> 

set ip precedence critical 

set ip precedence flash 

set ip precedence flash-override 
set ip precedence immediate 
set ip precedence internet 

set ip precedence network 

set ip precedence priority 

set ip precedence routine 


Syntax Description 





<value> Specifies matching the IP precedence (in numeric value). Valid range is 

0 to 7 in ascending order of importance. 
routine Specifies matching the IP precedence routine. (Numeric value of 0.) 
priority Specifies matching the IP precedence priority. (Numeric value of 1.) 
immediate Specifies matching the IP precedence immediate. (Numeric value of 2.) 
flash Specifies matching the IP precedence flash. (Numeric value of 3.) 
flash-override Specifies matching the IP precedence flash-override. (Numeric value of 4.) 
critical Specifies matching the IP precedence critical. (Numeric value of 5.) 
internet Specifies matching the IP precedence internet. (Numeric value of 6.) This 


level is reserved for internal network use. 


network Specifies matching the IP precedence network. (Numeric value of 7.) This 
level is reserved for internal network use. 


Default Values 





No default value necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example sets an IP precedence value of critical in the IP header of the route map named 
MyMap: 


(config)#route-map MyMap permit 100 
(config-route-map)#set ip precedence critical 
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set local-preference <value> 


Use the set local-preference command to restrict traffic to a local autonomous system. Use the no form of 
this command to cancel the local preference. 


Syntax Description 


<value> Sets the local preference value. Valid range is 0 to 4,294,967,295. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets the local preference for MyMap to a value of 100: 


(config)#route-map MyMap permit 100 
(config-route-map)#set local-preference 100 
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set metric <value> 


Use the set metric command to specify a metric value for the route map. Use the no form of this command 
to cancel the metric value. 


Syntax Description 
<value> Sets the metric value. Valid range is 0 to 4,294,967,295. 


Default Values 





No default value necessary for this command. 


Command History 





Release 10.1 Command was introduced. 


Usage Examples 





The following example sets the metric value for MyMap to 100: 


(config)#route-map MyMap permit 100 
(config-route-map)#set metric 100 
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set metric-type 


Use the set metric-type command to set the OSPF metric type for the route map. Use the no form of this 


command to return to the default value. Variations of this command include: 


set metric-type type-1 
set metric-type type-2 


Syntax Description 





type-1 Specifies intra-area metric. 
type-2 Specifies inter-area metric. 


Default Values 





By default, the metric type is set to type 1. 


Command History 


Release 14.1 Command was introduced. 


Usage Examples 





The following example sets the metric-type value for MyMap to type 2: 


(config)#route-map MyMap permit 100 
(config-route-map)#set metric-type type-2 
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TACACS+ GROUP CONFIGURATION COMMAND SET 


To activate the Terminal Access Controller Access Control System Plus (TACACS+) Group 
Configuration mode, enter the aaa group server tacacs+ command at the Global Configuration mode 
prompt. For example: 


>enable 

#configure terminal 

(config)#aaa group server tacacs+ TEST GROUP 
(config-sg-tacacs+)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 

end on page 50 

exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


server <value> on page 2629 
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server <value> 


Use the server command to specify a particular TACACS+ server’s IP address or host name. Use the no 
form of this command to disable this feature. 


Syntax Description 


<value> Specifies a TACACS+ server IP address or host name. IP addresses should 
be expressed in dotted decimal notation (for example, 10.10.10.1). 


Default Values 





No default is necessary for this command. 


Command History 





Release 11.1 Command was introduced. 


Usage Examples 





The following example specifies the IP address of the TACACS+ server: 


(config)#aaa group server tacacs+ TEST_GROUP 
(config-sg-tacacs+)#server 192.168.1.1 
(config-sg-tacacs+)# 
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TOP TRAFFIC CONFIGURATION COMMAND SET 


To activate the Top Traffic Configuration mode, enter the ip flow top-talkers command at the Global 
Configuration mode prompt. For example: 


>enable 

#configure terminal 
(config)#ip flow top-talkers 
(config-top-talkers)# 


The following commands are common to multiple command sets and are covered in a centralized section 
of this guide. For more information, refer to the sections listed below: 


cross-connect on page 45 
do on page 49 
exit on page 51 


All other commands for this command set are described in this section in alphabetical order. 


interval on page 2631 

match list <name> on page 2632 

monitor port <number> <description> on page 2633 
sort-by on page 2634 

top <number> on page 2635 
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interval 


Use the interval command to specify the minimum interval for which Top Talkers data is collected. Use 
the no form of this command to reset the interval to the default value. Variations of this command include: 


interval 5 
interval 10 
interval 15 





lost. 


If the interval is changed after Top Talkers has been enabled, all accumulated data will be 
UT! 





Syntax Description 


5 Collects Top Talkers data at 5-minute intervals. 
10 Collects Top Talkers data at 10-minute intervals. 
15 Collects Top Talkers data at 15-minute intervals. 


Default Values 





By default, the interval for Top Talkers data collection is set to 5-minute intervals. 


Command History 





Release 17.1 Command was introduced. 


Functional Notes 





When viewing Top Talkers data, the current interval displayed is the interval set with this command. As the 
specified interval for data accumulation ends, the data is compiled into hourly, 24-hourly, and daily 
readouts. 


Usage Examples 





The following example sets the interval for Top Talkers data collection to 10-minute intervals: 


(config)#ip flow top-talkers 
(config-top-talkers)#interval 10 
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match list <name> 
Use the match list command to specify an access control list (ACL) be used to filter the data that can be 


used in Top Talkers listings. Use the no form of this command to specify no ACL is used and all traffic is 
considered. 


Syntax Description 





<name> Specifies the name of the ACL to be used to filter Top Talkers data 
collection. 


Default Values 





By default, no ACL is assigned and all traffic is considered. 


Command History 





Release 17.1 Command was introduced. 


Usage Examples 





The following example applies the ACL named engineering to filter Top Talkers data collection: 


(config)#ip flow top-talkers 
(config-top-talkers)#match list engineering 
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monitor port <number> <description> 


Use the monitor port command to add a custom port to the port monitoring list in the Top Talkers feature. 
Use the no form of this command to remove the port from the monitoring list. 


Syntax Description 


<number> Specifies the port number to be monitored. 
<description> Optional. Specifies the application name associated with the port. 


Default Values 





By default, port monitoring is enabled and monitors well-known TCP and UDP ports when Top Talkers is 
enabled. Up to 32 custom ports can be added to the port monitoring list. 


Command History 





Release 17.1 Command was introduced. 


Usage Examples 





The following example adds port 3724, the World of Warcraft gaming port, to Top Talkers’ port monitoring 
list: 


(config)#ip flow top-talkers 
(config-top-talkers)#monitor port 3724 World of Warcraft Gaming 
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sort-by 


Use the sort-by command to specify the type of data for the Top Talkers collection. Use the no form of 
this command to return the sorting procedure to the default setting. Variations of this command include the 
following: 


sort-by packets 
sort-by bytes 





will be lost. 


If the statistic to be gathered is changed once Top Talkers is configured, all existing data 
UT! 





Syntax Description 





packets Specifies packet statistics are monitored for Top Talkers collection. 
bytes Specifies byte statistics are monitored for Top Talkers collection. 


Default Values 





By default, Top Talkers will collect byte statistics. 


Command History 





Release 17.1 Command was introduced. 


Functional Notes 





Data used in the Top Talkers collection can be collected by monitoring the number of packets sent or 
received or the number of bytes sent or received in a specified amount of time. Collection by byte count 
and packet count are mutually exclusive and must be configured by the user. Yet each can be helpful 
depending on specific network needs. Using packet counts to monitor hosts can make it easier to identify 
the source of problems in cases where a host is infected by a virus, or attacking the network with a port 
scan. Using byte counts can display overall bandwidth consumption on a host-by-host basis. 


Usage Examples 





The following example specifies packet statistics for collection: 


(config)#ip flow top-talkers 
(config-top-talkers)#sort-by packets 
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top <number> 


Use the top command to specify the number of listings included in the Top Talkers report. Use the no form 
of this command to return to the default value. 





data will be lost. 


If the number of listings is changed after Top Talkers has been enabled, all accumulated 
dion 





Syntax Description 





<number> Specifies the number of listings shown in the Top Talkers report. Range is 
1 to 20. 


Default Values 


By default, Top Talkers will display 5 listings in a report. 


Command History 





Release 17.1 Command was introduced. 


Usage Examples 


The following example specifies that 10 listings will be included in the Top Talkers report: 


(config)#ip flow top-talkers 
(config-top-talkers)#top 10 
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caller-id override 1053, 1247, 2456, 2491 
caller-id-override number 2362, 2397, 2425 
caller-number 1439 
calling-party 1252 
call-privilege 2261 
call-type voice 2242 
call-waiting 2492 
camp-on 2263 
capture commands 2565 
capture header 2566 
capture trigger 2567 
cdma activate otasp 1063 
Cellular Interface Configuration Command Set 1062 
certificate 2057 
certificate ca 2058 
Certificate Configuration command set 2056 
channel 2008 
channel-group mode on 1110 
check-supported replaces 2426 
clear access-list 63 
clear arp-cache 64 
clear arp-entry 65 
clear bridge 66 
clear buffers max-used 67 
clear counters 68 
clear counters media-gateway 69 
clear counters probe 70 
clear counters track 71 
clear counters vlan 72 
clear counters voice-trunk 73 
clear crypto ike sa 74 
clear crypto ipsec sa 75 
clear dot11 client 77 
clear dump-core 78 
clear event-history 79 
clear gvrp statistics 80 
clear host 81 
vrf 81 
clear ip bgp 82 
clear ip cache 84, 85 
vrf 85 


clear ip cache counters 85 
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debug ip urlfilter 231, 232 
debug ip urlfilter top-websites 232 
debug isdn 233 
debug isdn group 235 


debug isdn resource-manager 236 
debug isdn verbose 237 
debug Ildp 238 
debug mail-clientl 239 
debug ntp 240 
debug port security 243 
debug port-auth 241 
debug ppp 244 
debug pppoe client 245 
debug probe 246 
debug probe responder twamp 246 
debug radius 248 
debug sip 249 
debug sip proxy 251 
debug sip stack 252 
debug snmp packets 254 
debug sntp 255 
debug spanning-tree 257 
debug spanning-tree bpdu 256 
debug stack 258 
debug system 259 
debug tacacs+ 260 
debug tcl 261 
debug track 262 
debug twping 263 
debug voice 264 
debug vrrp 267 
default 
codec 2255 
default-information-originate 2205 
default-level 2265 
default-metric 2206, 2226 
default-privacy | restricted-privacy 788 
default-router 2547 
demand interface 1434 
demand-hold-queue 1448 
demand-hold-queue timeout 1448 
deny 2113, 2148 
deny-template 2266 
description 48 
destination 
probe 2158 
DHCP 
vrf 2561 
DHCP Pool command set 2543 
dial-backup auto-backup 1323, 1537, 1619, 1759, 1846 
dial-backup auto-restore 1324, 1538, 1620, 1760, 1847 
dial-backup backup-delay 1325, 1539, 1621, 1761, 1848 
dial-backup call-mode 1326, 1540, 1622, 1762, 1849 
dial-backup connect-timeout 1330, 1544, 1626, 1766, 
1853 
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dial-backup force 1331, 1545, 1627, 1767, 1854 
dial-backup maximum-retry 1332, 1546, 1628, 1768, 1855 
dial-backup number 1333, 1547, 1629, 1769, 1856 
dial-backup priority 1334, 1548, 1630, 1770, 1857 
dial-backup randomize-timers 1335, 1549, 1631, 1771, 
1858 
dial-backup redial-delay 1336, 1550, 1632, 1772, 1859 
dial-backup restore-delay 1337, 1551, 1633, 1773, 1860 
dial-backup schedule 1338, 1552, 1634, 1774, 1861 
dial-backup shutdown 1339, 1553, 1635, 1862 
dialin 1248 
dial-string source 2429 
dialtone 2459 
did 2325, 2342, 2499 
did digits-transferred 2366, 2460 
digits-transferred 1254 
dir 269 
directory-include 2500 
disable 270 
enable mode 270 
disable, basic mode 33 
disable-callwaiting 2267 
distance bgp 2121 
distribute-list 2133, 2228 
dnd 2268, 2501 
dnis-digits prefix 2461 
dns-server 2089, 2548 
do 49 
domain 2430 
domain-name 2549 
vrf 691 
door-phone 2269, 2502 
dot lap access-point-controller 660 
dscp 2159 
DSX-1 Interface Configuration command set 1075 
dynamic-dns 1113, 1340, 1403, 1449, 1554, 1636, 1687, 
1775, 1863, 1934 
E 
E1 Interface Configuration command set 1085 
early-cut-through 2367, 2462 
ebgp-multihop 2134 
echo-cancellation 2299, 2368, 2400, 2463, 2503 
email 2326, 2343, 2504 
email address 2047 
email-secondary 2327, 2344, 2505 
enable 33 
basic mode 33 
enable mode 60 
Enable Mode command set 60 
enable password 661 
encapsulation 1342 


encapsulation 802.1q 1115, 1994 
encapsulation frame-relay ietf 1509 
encryption 2094 
end 50 
enrollment retry 2048 
enrollment terminal 2049 
enrollment url 2050 
entry-filename 2250 
equipment-type 1271 
erase 271 
erase file-system cflash 272 
et-clock-source 1259 
Ethernet Interface Configuration command set 1101 
Ethernet Sub-Interface Configuration command set 1101 
ethernet-speed 1996 
event-history 1997 
on 662 
event-history priority 663 
events 273 
exception memory minimum 665 
exception report 666 
exception report generate 274 
exec 601 
executive-extension 2345 
exit 51 
expect regex 2160 
expect status 2161 
expire-time 2315 
external-fwd 2270 
external-loopback-request 1243 
F 
factory-default 275 
fair-queue 1343, 1451, 1510, 1638, 1777 
fast-idle 1452 
fdl 1284 
FDL Interface Configuration command set 1208 
first-name 2506 
flowcontrol 1013 
forward 2271, 2507 
forward-disconnect 2508 
fqdn 2051 
fragment-threshold 2010 
Frame Relay Interface Configuration command set 1507 
Frame Relay Sub-Interface Configuration command set 
1529 
frame-relay be 1556 
frame-relay be 1557 
frame-relay fragment 1558 
frame-relay interface-dlci 1559 
frame-relay intf-type 1511 
frame-relay Imi-n391dce 1512 
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frame-relay Imi-n391dte 1513 

frame-relay Imi-n392dce 1514 

frame-relay Imi-n392dte 1515 

frame-relay Imi-n393dce 1516 

frame-relay Imi-n393dte 1517 

frame-relay Imi-t391dte 1518 

frame-relay Imi-t392dce 1519 

frame-relay Imi-type 1520 

frame-relay multilink 1521 

framing 1077, 1088, 1237, 1285, 1301 

framing crc4 1088, 1237 

ftp authentication 667 

full-duplex 1116, 1998 

fwd-courtesy 2509 

FXO Interface Configuration command set 1214 
FXS Interface Configuration command set 1223 


G 


G.703 Interface Configuration command set 1235 

garp timer 668 

Gigabit-Ethernet Interface Configuration command set 
1101 

Global Configuration Mode command set 593 

greeting-length max 2316 

greeting-quota 2317 

group 2095 

gvrp 669 

H 

half-duplex 1117, 1999 

hardware-address 2550 

hash 2096 

HDLC Configuration command set 1610 

history-depth 2162 

hold 2272 

hold-queue 1344, 1453, 1639 
out 1523, 1778 

hold-timer 2122, 2135 

host 2552 

hostname 670 

hotel 2273, 2510 

hotline 2511 

hours minutes time format 2540 

HSSI Interface Configuration command set 1242 

I 

idle-timeout 1454 

ignore dcd 1260 

ignore-error-duration 1272 

IKE Client command set 2088 

IKE Policy Attributes command set 2092 

IKE Policy command set 2098 

ike-policy 2064, 2079 

impedance 1215, 1224 


inactivity-timeout max 2011 

inband-detection 1273 

inband-protocol 1274 

incoming-accept-number 2244 

initiate 2104 

init-string 1249 

interface 52 

interface adsl 1048 

interface ap 1987 

interface atm 1309 

interface atm (sub-interface) 1313 

interface bri 1052 

interface bvi 1398 

interface dds 1067 

interface el 1085 

interface ethernet 1101 

interface ethernet sub 1101 

interface fdl 1208 

interface frame-relay 1507, 1529 

interface fxo 1214 

interface fxs 1223 

interface G.703 1235 

interface gigabit-ethernet 1101 

interface hdlc 1610 

interface hssi 1242 

interface loopback 1682 

interface modem 1246 

interface port-channel 1725 

interface ppp 1749, 2185 

interface pri 1251 

interface radio 2004 

interface range 671, 1101 

interface serial 1258 

interface shdsl 1267 

interface tl 1075, 1281 

interface t3 1298 

interface tunnel 1840 

interface vlan 1926, 2028 

interval 2631 

invert etclock 1261 

invert rxclock 1262 

invert txclock 1263 

ip access-group 1118, 1345, 1405, 1455, 1560, 1640, 1689, 
1779, 1865, 1936 

ip access-list extended 673 

ip access-list standard 677 

ip address 1122, 1209, 1349, 1408, 1564, 1641, 1690, 
1783, 1866, 1937, 2000 

ip address dhcp 1119, 1346, 1406, 1561, 1780, 1938 

ip address negotiated 1456, 1781 
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ip address secondary 1122, 1408, 1457, 1564, 1641, 1690, 
1783 

ip as-path-list 679, 2112 

ip classless 680 

ip community-list 681, 2147 

ip crypto 682 

ip default-gateway 683, 2001 

ip dhcp 1350, 1565, 1941 

ip dhcp release 1123 

ip dhcp renew 1124 

ip dhcp-server database local 684 

ip dhcp-server excluded-address 685 

ip dhcp-server ping packets 687 

ip dhcp-server ping timeout 688 

ip dhcp-server pool 689, 2543 

ip directed-broadcast 1125, 1351, 1409, 1458, 1566, 1642, 
1691, 1784, 1867, 1942 

ip domain-lookup 690 

ip domain-name 691 

ip domain-proxy 692 
vrf 692 

ip ffe 1127, 1353, 1568, 1786, 1944 

ip ffe max-entries 693 

ip ffe timeout 694 

ip firewall 696 

ip firewall alg 701 

ip firewall attack-log threshold 704 

ip firewall check reflexive-traffic 705 

ip firewall check rst-seq 706 

ip firewall check syn-flood 707 

ip firewall check winnuke 708 

ip firewall fast-nat-failover 709 

ip firewall fin-timeout 710 

ip firewall nat-preserve-source-port 711 

ip firewall policy-log threshold 712 

ip firewall rst-timeout 713 

ip firewall stealth 714 

ip firewall vrf 715 

ip flow 1129, 1355, 1411, 1460, 1570, 1644, 1693, 1788, 
1869, 1913 

ip flow cache sample 716 

ip flow cache timeout 717 

ip flow export 718 

ip flow export template 720 

ip flow top-talkers 722 

ip forward-protocol udp 724 

ip ftp access-class 726 

ip ftp source-interface 728 

ip helper-address 1130, 1356, 1412, 1461, 1571, 1645, 
1694, 1789, 1870, 1947 

ip host 729 


vrf 729 

ip http 730 

ip http source-interface 732 

ip igmp 1132, 1358, 1463, 1573, 1646, 1696, 1790, 1872, 
1949 
snooping vlan 735 

ip igmp join 733 

ip igmp snooping 734 
vlan mrouter interface 736 
vlan static interface 737 

ip learn-address 1210 

ip load-sharing 739 

ip local policy route-map 740 

ip mcast-stub downstream 1134, 1360, 1465, 1575, 1648, 
1698, 1792, 1874, 1951 

ip mcast-stub fixed 1135, 1361, 1466, 1576, 1649, 1699, 
1793, 1875, 1946, 1952 

ip mcast-stub helper-address 741 

ip mcast-stub helper-enable 1136, 1362, 1467, 1577, 
1650, 1700, 1794, 1876, 1953 

ip mcast-stub upstream 1137, 1363, 1468, 1578, 1651, 
1701, 1795, 1877, 1954 

ip mtu 1955 

ip multicast routing 742 

ip name-server 743 

ip ospf 1138, 1364, 1414, 1469, 1579, 1652, 1702, 1796, 
1878, 1956 

ip ospf authentication 1140, 1366, 1416, 1471, 1581, 1654, 
1704, 1798, 1880, 1958 

ip ospf network 1141, 1367, 1417, 1472, 1582, 1655, 1705, 
1799, 1881, 1959 

ip pim sparse-mode 1142, 1368, 1583, 1656, 1706, 1800, 
1882, 1960 

ip pim-sparse dr-priority 1143, 1369, 1584, 1657, 1707, 
1801, 1883, 1961 

ip pim-sparse hello-timer 1144, 1370, 1585, 1658, 1708, 
1802, 1884, 1962 

ip pim-sparse nbr-timeout 1145, 1371, 1586, 1659, 1709, 
1803, 1885, 1963 

ip pim-sparse override-interval 1146, 1372, 1587, 1660, 
1710, 1804, 1886, 1964 

ip pim-sparse propagation-delay 1147, 1373, 1588, 1661, 
1711, 1805, 1887, 1965 

ip policy route-map 1148, 1374, 1418, 1473, 1589, 1662, 
1712, 1806, 1888 

ip policy-class 744 
max-host-sessions 750 
max-sessions 750 
rpf-check 752 

ip policy-timeout 753 

ip prefix-list description 756 
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ip prefix-list seq 757 

ip proxy failover trust-domain 808 

ip proxy-arp 1149, 1375, 1419, 1474, 1590, 1663, 1713, 
1807, 1889, 1966 

ip radius source-interface 759 

ip rip receive version 1150, 1376, 1420, 1475, 1591, 1664, 
1714, 1808, 1890, 1967, 2238 

ip rip send version 1151, 1377, 1421, 1476, 1592, 1665, 
1715, 1809, 1891, 1968, 2238 

ip rip summary-address 1152, 1378, 1422, 1477, 1593, 
1666, 1716, 1810, 1892, 1969 

ip route 760 

ip route vrf 762 

ip route-cache 1153, 1379, 1423, 1478, 1594, 1667, 1717, 
1811, 1893, 1970 

ip routing 764 

ip rtp firewall-traversal 765 

ip rtp qos dscp 766 

ip rtp quality-monitoring 767 

ip rtp quality-monitoring history 769 

ip rtp quality-monitoring jitter-buffer 771 

ip rtp quality-monitoring jitter-threshold 772 

ip rtp quality-monitoring round-trip-delay 773 

ip rtp quality-monitoring threshold jitter 774 

ip rtp quality-monitoring threshold loss 775 

ip rtp quality-monitoring threshold lq-mos 776 

ip rtp quality-monitoring threshold pq-mos 777 

ip rtp symmetric-filter 778 

ip rtp udp 779 

ip scp server 780 

ip sdp grammar hold 781 

ip sip 782 

ip sip access-class 783 

ip sip database local 784 

ip sip default-call-routing 785 

ip sip emergency-call-routing 786 

ip sip grammar 788 
alert-info url 787 
from 789 
p-asserted-identity host 791 
proxy-require privacy 792 
request-uri 793 
supported 100rel 795, 805 
to host 796 

ip sip location 798 

ip sip privacy 799 

ip sip proxy 800 

ip sip proxy allowed-servers 801 

ip sip proxy dial-string source 802 

ip sip proxy domain 803 

ip sip proxy failover codec-group 804 


ip sip proxy failover dial-string source 805 

ip sip proxy failover match-digits 806 

ip sip proxy failover sip-keep-alive 807 

ip Sip proxy grammar 809 

ip Sip proxy sip-server primary 810 

ip Sip proxy transparent 812 

ip sip proxy transparent nat-simulate 812 

ip sip qos dscp 813 

ip Sip registrar 814 

ip sip timer 817 

ip sip timer registration-failure-retry 818 

ip sip timer rollover 819 

ip snmp agent 821 

ip sntp server 822 
send-unsynced 823 

ip sntp server source-interface 824 

ip sntp source-interface 825 

ip ssh-server 672 

ip subnet-zero 826 

ip tacacs source-interface 827 

ip telnet-server 672 

ip tftp server 727, 828 

ip tftp server default-filesystem 727 

ip tftp source-interface 829 

ip unnumbered 1154, 1380, 1424, 1479, 1595, 1668, 1718, 
1812, 1971 

ip urlfilter 1155, 1381, 1425, 1480, 1596, 1669, 1719, 
1813, 1894, 1972 

ip urlfilter allowmode 831 

ip urlfilter exclusive-domain 832 

ip urlfilter http 830 

ip urlfilter max-request 833 

ip urlfilter max-response 834 

ip urlfilter server 835 

ip vrf forwarding 838, 1156, 1382, 1426, 1481, 1597, 
1670, 1720, 1814, 1895, 1973 

ip vrf route-distinguisher 837 

ip-address 2052 

ip-range 2090 

ISDN Group Configuration command set 2240 

isdn Idn 1054 

isdn name-delivery 1255 

isdn spid 1055 

isdn switch-type 1057, 1256 

isdn-group 839, 2240 

isdn-number-template 840 

J 

join-prune-msg-interval 2221 

K 

keepalive 1482, 1671, 1815, 1896 
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L 
last-name 2512 
Ibo 1286 
lease 2553 
lifetime 2097 
Line (Console) Interface Configuration command set 
1006 
Line (SSH) Interface Configuration command set 1022 
Line (Telnet) Interface Configuration command set 1034 
line console 843, 1006 
line ssh 843, 1022 
line telnet 843, 1034 
line-length 1078, 1302 
line-mode 1275 
linerate 1276 
line-timeout 1014, 1030, 1042 
Ildp 845 
Ildp receive 1157, 1483, 1598, 1672, 1727, 1816, 1897 
Ildp send 1158, 1484, 1599, 1673, 1728, 1817, 1898 
local-as 2136 
local-id 2105 
location 2002 
log 675, 677 
log-changes 2187 
logging console 847 
logging email 
address-list 848 
exception-report address-list 849 
ip urlfilter top-websites 850 
on 851 
priority-level 852 
receiver-ip 853 
source-interface 855 
logging facility 856 
logging forwarding on 857 
logging forwarding priority-level 858 
logging forwarding receiver-ip 859 
logging forwarding source-interface 860 
login 1015, 1031, 1043 
login authentication 1016, 1032, 1044 
login local-userlist 1017, 1033, 1045 
login-member 2328, 2346 
logout 34, 276 
logout-group 2274 
loop-alarm-detect 1089 
loopback 1071, 1216, 1225, 1244, 1277 
Loopback Interface Configuration command set 1682 
loopback local 1058 
loopback network 1059, 1079, 1090, 1238, 1287, 1303 
loopback remote 1304 
loopback remote inband 1278 


loopback remote line 1288 
loopback remote line inband 1080 
loopback remote payload 1289 
loopback remote v54 1091 

M 


mac access-list standard 861 

mac address-table aging-time 862 

mac address-table static bridge interface 863 

mac address-table static vlan interface 864 

mac-address 1160, 1427, 1974 

Mail Agent Configuration Command Set 2562 

mail-client 865 

maintenance 1060 

match 2577 

match address 2065, 2080 

match as-path 2601 

match community 2602 

match dscp 2580 

match ip address 2603 

match ip address prefix-list 2604 

match ip dscp 2605 

match ip precedence 2609 

match length 2611 

match list 2632 

match metric 2612 

match precedence 2584 

match substitute 2369, 2401, 2431, 2464 

match track 2067 

match-interesting 1454, 1486 

max-channels 2246 

maximum-paths 2123, 2209 

max-inbound 2329, 2347 

max-number-calls 2432 

max-reserved-bandwidth 1161, 1383, 1428, 1487, 1524, 
1675, 1819, 1975 

max-sessions 2181 

media ethernet 1914 

media-gateway ip 1162, 1384, 1601, 1676, 1820, 1900, 
1976 

member 2330, 2348 

message-length max 2318 

message-quota 2319 

message-waiting 2275, 2513 

min-channels 2247 

modem countrycode 866 

Modem Interface Configuration command set 1246 

modem-passthrough 2370, 2402, 2465, 2514 

monitor port 2633 

monitor session 869 

mtu 1163, 1211, 1385, 1429, 1488, 1602, 1677, 1721, 1821, 
1901 
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N 

name 1915, 2003 

nat-traversal 2107 

neighbor 2124 
netbios-name-server 2091, 2554 
netbios-node-type 2555 
network 2125, 2230, 2556 
network area 2210 


Network Monitor Probe Configuration command set 


2150, 2177 


Network Monitor Track Configuration command set 


2185 
next-hop-self 2138 
nls 2300, 2466, 2515 
no default-originate 2139 
no ip vrf 837 
ntp master 871 
ntp max-associations 872 
ntp peer 874 
ntp update-rtc 876 
ntp-server 2557 
num-packets 2163 
num-rings 2301, 2331, 2349, 2517 
O 
oam retry 1387 
oam-pvc managed 1388 
option 2558 
outage-retrain 1279 
outbound-proxy primary 2433 
outbound-proxy secondary 2434 
overhead-paging 2276 
override-passcode 2277 
P 
parity 1018 
park 2278 
passive-interface 2231 
password 1019, 1046, 2053, 2140, 2302, 2519 
peer 2108 
peer default ip address 1213, 1490, 1822 
period 2164 
permit 2114, 2149 
permit template 2279 
ping 35, 277 
ping stack-member 280 
vrf 280 
ple 2303, 2371, 2403, 2467, 2520 
port 2182 
portal-list 877 
port-auth auth-mode 1164 
port-auth control-direction 1165 
port-auth default 878 


port-auth max-req 879 
port-auth multiple-hosts 1166 
port-auth port-control 1167 
port-auth re-authentication 880 
port-auth supplicant 881 
port-auth timeout 882 
Port-Channel Interface Configuration command set 1725 
port-channel load-balance 883 
power inline 1168 
power local 2012 
power-supply shutdown automatic 884 
ppoe ac-name 1833 
ppp authentication 1491, 1823 
ppp bcp tagged-frame 1496, 1828 
ppp chap hostname 1497, 1829 
ppp chap password 1498, 1830 
ppp chap sent-username/password 1501, 1832 
PPP Interface Configuration command set 1749 
ppp multilink 1499, 1831 
pppoe service-name 1834 
preamble 2013 
preamble-short 2013 
prefix 2332, 2350 
prefix-list 2141, 2604 
PRI Interface Configuration command set 1251 
priority 2586 
probe 885, 2150, 2177 
destination 2158 
program-user-speed 2280 
prompt-delete 2320 
protection-mode 2014 
pve 1389 


Q 

qos 1171, 1730 

qos cos-map 888 

qos dscp-cos 889 

qos map 890, 2573 

QoS Map command set 2573 

qos queue-type strict-priority 892 

qos queue-type wir 893 

qos-mode wmm 2016 

qos-policy 1169, 1390, 1502, 1525, 1835, 1977, 2589 
qos-policy out 1431 

R 

radio interface 2004 

Radio Interface Configuration command set 2004 
radio-mode 2018 

Radius Group command set 2597 

radius-server 894 

radius-server host 896 

raw string 2165 
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redial 2281 rts threshold 2021 
redistribute bgp 2211, 2232 run tcl 904 
redistribute connected 2126, 2212, 2233 run-tcl track 283 
redistribute ospf 2127, 2234 rx-gain 1217, 1227 
redistribute rip 2128, 2213 S 
redistribute static 2129, 2215, 2235 sa4tx-bit 1094 
register 2435 schedule 905 
registrar max-concurrent-reg 2438 security wep-key generate 2038 
registrar primary 2439 security wep-key seed 2040 
registrar require-expires 2440 seize-timeout 2311 
registrar secondary 2441 send test 2569 
registrar threshold 2442 send trigger 2570 
reject 2304, 2391 send-community standard 2144 
reject-external 2372, 2404, 2443, 2468 send-schedule periodic 2166 
reload 281 Serial Interface Configuration command set 1258 
reload dot11 interface dot1 lap 282 serial-mode 1264 
remote-alarm 1092 serial-number 2054 
remote-alarm rai 1290 server 2571, 2598, 2629 
remote-as 2142 service password-encryption 907 
remote-fwd 2282 set as-path prepend 2614 
remote-loopback 1072, 1081, 1093, 1291, 1305 set comm-list delete 2615 
rename 2283, 2321 set community 2616 
reset 1064, 1920 set cos 2591 
resource pool 1503 set default interface 2618 
resource pool-member 1061, 1065, 1250, 2248 set dscp 2592 
resource-selection 2373, 2393, 2405, 2469 set interface 2619 
respond 2110 set ip default next-hop 2620 
retrain 1049 set ip df 2621 
retrieve-park 2284 set ip dscp 2622 
return-last-call 2285 set ip next-hop 2623 
ring-voltage 1226 set ip precedence 2624 
role 1257 set local-preference 2625 
Route Map Configuration command set 2599 set metric 2626 
route-distinguisher 837 set metric-type 2627 
route-map 898, 2143 set peer 2071, 2082 
Router (OSPF) Configuration command set 2200 set pfs 2073 
Router (PIM Sparse) Configuration command set 2220 set precedence 2594 
Router (RIP) Configuration command set 2224 set security-association idle-time 2075 
router bgp 899, 2115 set security-association lifetime 2074 
router bgp-neighbor 2130 set session-key 2083 
router ospf 900, 2200 set transform-set 2076, 2087 
router pim-sparse 901, 2220 shape average 2595 
router rip 902, 2224 SHDSL Interface Configuration command set 1267 
rp-address 2222 shortcuts 19 
rtp delay-mode 2306, 2374, 2406, 2470, 2521 short-slot-time 2022 
rtp dtmf-relay 2307, 2375, 2407, 2471, 2522 show 1921 
rtp frame-packetization 2308, 2376, 2408, 2472, 2523 show access-lists 284 
rtp packet-delay 2309, 2377, 2409, 2473, 2524 show arp 285 
rtp qos dscp 2310, 2378, 2410, 2474, 2525 vrf 285 
rtp quality-monitoring 1172, 1310, 1432, 1504, 1603, show atm pvc 287 

1680, 1837, 1979, 2020 show atm traffic 288 
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show auto-config 290 
show bridge 291 
show buffers 293 
show buffers users 295 
show cflash 297 
show channel-group 298 
show clock 37, 299 
show configuration 300 
show connections 302 
show crypto ca 303 
show crypto ike 305 
show crypto ipsec 307 
show crypto map 309 
show debugging 311 
show demand 312 
show dial-backup interfaces 315 
show dialin interfaces 316 
show dot11 access-point 317 
show dot11 clients 320 
show dot11 statistics interface dot! lap 322 
show dynamic-dns 324 
show event-history 325 
show fan-tach 326 
show file 327 
show flash 329 
show frame-relay 332 
show frame-relay fragment 330 
show frame-relay multilink 334 
show garp timer 335 
show gvrp configuration 336 
show gvrp statistics 337 
show hosts 338 
vrf 338 
show interfaces 340, 343 
show interfaces adsl 347 
show interfaces cellular 349 
show interfaces dotl lap 350 
show ip access-lists 353 
show ip arp 354 
vrf 354 
show ip as-path-list 356 
show ip bgp 358 
show ip bgp community 360 
show ip bgp community-list 363 
show ip bgp neighbors 365 
show ip bgp regexp 368 
show ip cache 370 
vrf 370 
show ip community-list 372 
show ip dhcp-client lease 373 
show ip dhcp-server binding 374 


show ip ffe 376, 2233 
show ip flow 378 
show ip flow top-talkers 380 
show ip igmp groups 382 
show ip igmp interface 383 
show ip igmp snooping 385 
show ip interfaces 387 
vrf 431 
show ip local policy 389 
show ip mroute 391 
show ip ospf 393 
show ip ospf database 394 
show ip ospf interface 397 
show ip ospf neighbor 398 
show ip ospf summary-address 400 
show ip pim-sparse 401 
show ip policy 405 
show ip policy-class 406 
show ip policy-sessions 408 
show ip policy-stats 411 
show ip prefix-list 412 
show ip protocols 413 
show ip route 414 
vrf 414 
show ip rtp quality-monitoring 419 
show ip traffic 424 
show ip urlfilter 426 
show ip urlfilter exclusive-domain 427 
show ip urlfilter statistics 428 
show ip urlfilter top-websites 429 
show ip vrf 431 
show isdn resource 435 
show isdn-group 433 
show isdn-number-template 434 
show Ildp 437 
show lldp device 438 
show lldp neighbors 440 
show lldp neighbors statistics 442 
show mac address-table 444 
show mac address-table address 445 
show mac address-table aging-time 447 
show mac address-table count 448 
show mac address-table dynamic 449 
show mac address-table interface 451 
show mac address-table multicast 453 
show mac address-table static 455 
show mail-client 457 
show mail-client body 458 
show media-gateway 459 
show memory 461 
show modules 463 
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show monitor session 464 
show ntp associations 465 
show output-chkdsk 467 
show output-startup 469 
show port-auth 470 
show port-security 472 
show power inline 474 
show power-supply 476 
show pppoe 477 
show probe responder 478 
show probe statistics 478 
show processes 481 
show qos 483 
show qos map 485 
show queue 488 
show queuing 490 
show radius statistics 491 
show route-map 492 
show rtp resources 494 
show running-config 495 
show running-config voice 498 
show schedule 502 
show sip 504 
show sip location 503 
show sip proxy 506 
show sip trunk-registration 508 
show snmp 38, 510 
show sntp 512 
show spanning-tree 
status 513 
show spanning-tree active 515 
show spanning-tree blockedports 516 
show spanning-tree interface 517 
show spanning-tree pathcost method 519 
show spanning-tree root 520 
show stack 522 
show startup-config 525 
show system 527 
show tacacs+ statistics 528 
show tcp info 529 
show tech 531 
show temperature 533 
show thresholds 534 
show toneservices resources 535 
show track 536 
show udp info 538 
show users 540 
show version 39, 542 
show vlan 543 
show voice alias 546 
show voice ani 547 


show voice available 549 
show voice dial-plan 550 
show voice did 551 
show voice directory 552 
show voice door-phone 553 
show voice extensions 554 
show voice grouped-trunk 555 
show voice line 556 
show voice mail 558 

notify-schedule 2526 
show voice operator-group 560 
show voice phone-files 561 
show voice quality-stats 562 
show voice ring-group 564 
show voice speed-dial 566 
show voice spre 567 
show voice status-group 568 
show voice switchboard 569 
show voice system-mode 570 
show voice trunk 572 
show voice users 574 

sip 575 
show virp 576 
shutdown 59, 2167, 2183, 2188 
signal 1228 
signaling-mode 1082 
sip check-sync 578 
sip-identity 2251, 2333, 2351, 2528 
sip-keep-alive 2444 
sip-server primary 2445 
sip-server secondary 2446 
size 2168 


snmp trap 1073, 1173, 1265, 1311, 1527, 1723, 1731, 1902, 


1980 
snmp trap line-status 1095, 1292 


snmp trap link-status 1066, 1074, 1083, 1096, 1174, 1239, 
1245, 1266, 1293, 1306, 1312, 1505, 1528, 1681, 1724, 


1732, 1838, 1903, 1981 
snmp trap threshold-reached 1097, 1294 
snmp-server chassis-id 908 
snmp-server community 909 
snmp-server contact 910 
snmp-server enable traps 911 
snmp-server engineID local 912 
snmp-server engineID remote 914 
snmp-server group 915 
snmp-server host 916 
snmp-server inform 918 
snmp-server location 919 
snmp-server management-url 920 
snmp-server management-url-label 921 
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snmp-server source-interface 922 
snmp-server user 923 

snmp-server view 926 

snr-margin 1050 

sntp retry-timeout 927 

sntp server version 928 

sntp wait-time 929 

soft-reconfiguration inbound 2145 

sort-by 2634 

source-address 2169 

source-interface 2184 

source-port 2170 

spanning-tree bpdufilter 1175, 1392, 1604, 1733 
spanning-tree bpduguard 1176, 1393, 1605, 1734 
spanning-tree cost 1177, 1735 

spanning-tree edgeport 1178, 1394, 1606, 1736 
spanning-tree edgeport bpdufilter default 930 
spanning-tree edgeport bpduguard default 931 
spanning-tree edgeport default 932 
spanning-tree forward-time 933 

spanning-tree hello-time 934 

spanning-tree link-type 1179, 1395, 1607, 1737 
spanning-tree max-age 935 

spanning-tree mode 936 

spanning-tree path-cost 1396, 1608 
spanning-tree pathcost method 937, 1180 
spanning-tree port-priority 1181, 1397, 1609, 1738 
spanning-tree priority 938 
special-ring-cadences 2529 

speed 1020, 1182, 2023 

speed default basic-set 2024 

speed-dial 2530 

spt-threshold 2223 

stack master 939 

stack member 939 

stack vlan 939 

state 1916 

station-lock 2286, 2531 

station-role 2025 

station-role access-point 2025 

stopbits 1021 

storm-control 1183, 1740 

storm-control action 1185 

storm-control action shutdown 1185, 1739 
subject 2572 

subject-name 2055 

summary-address 2217 

suppress null-username 603 

switchport access vlan 1186, 1742 

switchport gvrp 1187, 1743 

switchport mode 1188, 1744 


switchport port-security 1190 
aging 1191 
expire 1192 
mac-address 1193 
maximum 1194 
violation 1195 
switchport protected 1189 
switchport trunk allowed vlan 1196, 1745 
switchport trunk fixed vlan 1197, 1746 
switchport trunk native vlan 1199, 1748 
switchport vlan 1200 
system timing 1295 
system-mode 2287 
system-speed 2288 
T 


TI Interface Configuration command set 1281 
T3 Interface Configuration command set 1298 
t38 2380, 2412, 2478, 2532 

t38 error-correction 2381, 2413, 2479, 2533 
t38 fallback-mode 2382, 2414, 2480, 2534 

t38 max-buffer 2383, 2415, 2481, 2535 

t38 max-datagram 2384, 2416, 2482, 2536 

t38 max-rate 2385, 2417, 2483, 2537 

t38 redundancy 2386, 2418, 2484, 2538 

tacacs 827 


TACACS+ Group Configuration command set 2628 


tacacs-server 941 
tdm-group 1098, 1296 
telnet 40, 579, 942 

telnet stack-member 581 
telnet vrf stack-member 582 
terminal length 583 

test battery 1229 

test if 2189 

test list 2193 

test list weighted 2196 

test loop 1218 

test reverse-battery 1230 
test ring-ground 1219 

test ringing 1231 

test tip-ground 1220 

test tip-open 1232 

test tone 1221, 1233 
test-pattern 1084, 1099, 1240, 1280, 1297, 1307 
tftp-server 2559 

threshold 2171 

thresholds 944 

timeout 2173 

timeout-timer 2236 

timers Isa-group-pacing 2218 
timers spf 2219 
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time-schedule 2199 
timezone-offset 2560 
timing-source 946 
tolerance 2174 
top 2635 
Top Traffic Configuration command set 2630 
traceroute 42, 584 
vrf 584 
track 675, 677, 947, 2185 
traffic-shape rate 1203, 1433, 1982 
training-mode 1051 
transfer 2289 
treat-inbound-as-internal 2475 
trunk 2312, 2394 
trunk-number 2379, 2411, 2476 
trust-domain 2446, 2447 
ts16 1100, 1241 
tunnel checksum 1904 
Tunnel Configuration command set 1840 
tunnel destination 1905 
tunnel key 1906 
tunnel mode gre 1907 
tunnel sequence-datagrams 1908 
tunnel source 1909 
tunnel vrf 1911 
tx-ani 2485 
tx-gain 1222, 1234 
type 2176, 2334, 2352 
U 
undebug all 587 
unlock-door 2290 
update 604 
update-source 2146 
update-timer 2237 
username password 948, 1506, 1839 
username portal-list 949 
user-speed 2291 
V 
vad 2313, 2387, 2419, 2486, 2539 
VAP Interface Configuration command set 2028 
vap-isolation 2026 
version 2238 
vlan 950 
media ethernet 1923 
name 1924 
state 1925 
vlan id 1922 
VLAN Configuration command set 1912 
vlan database 589 
VLAN Database Configuration command set 1917 
VLAN Interface Configuration command set 1926 


vlan-id 1204 

voice alias equals 951 

Voice Auto Attendant Configuration command set 2249 
voice autoattendant 952 

voice call-appearance-mode 953 

voice callerid-type 954 

voice cause-code-map 955 

voice class-of-service 956, 2256, 2314 

Voice CODEC List Configuration command set 2252 
voice codec-country 957 

voice codec-list 958 

voice codec-list trunk 2252 

voice codec-priority 959 

voice codec-subcountry 960 

voice compand-type 961 

voice conferencing-mode 962 

Voice CoS Configuration command set 2256 
voice country-code 963 

voice coverage 964 

voice current-mode 965 

voice dial-plan 966 

voice did extension 968 

voice directory 969 

voice dsp capture 588 

voice feature-mode 970 

voice flashhook mode 971 

voice flashhook threshold 972 

voice forward-mode 973 

voice grouped-trunk 974, 2388 

voice hold-reminder 975 

voice international-prefix 976 

voice line 2292 

Voice Line Configuration command set 2292 
voice loopback 978 

voice mail 979 

voice mail check 980 

Voice Mail CoS Configuration command set 2314 
voice mail leave 981 

voice mail sip-identity 982 

voice mail um-server address 983 

voice num-rings 984 

Voice Operator Group Configuration command set 2322 
voice operator-group 985, 2322 

voice overhead-paging extension 986 

voice park-return 987 

voice prompt-language 988 

Voice Ring Group Configuration command set 2337 
voice ring-group 989, 2337 

voice service-mode 990 

voice speed-dial 991 

voice spre 992 
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voice spre-mode 993 arp 622 
voice status-group 995 clear host 81 
voice status-group expires 994 clear ip cache 85 
voice system-mode 996 clear ip route 96 
voice timeouts 997 debug ip packet 211 
voice transfer 998 debug ip routing 222 
voice transfer-mode 999 ip domain-name 691 
voice transfer-on-hangup 1000 ip domain-proxy 692 
Voice Trunk Analog command set 2355 ip firewall 715 
Voice Trunk Analog DPT command set 2355 ip host 729 
Voice Trunk Analog GS command set 2355 ip local policy route-map 740 
Voice Trunk Analog LS command set 2355 ip name-server 743 
Voice Trunk Group Configuration command set 2388 ip route vrf 762 
Voice Trunk ISDN command set 2395 ip vrf forwarding 838, 1156, 1382, 1481, 1597, 1670, 
Voice Trunk SIP Interface Configuration command set 1814, 1895, 1973 
2420 ip vrf route-distinguisher 837 
Voice Trunk T1 ping 35, 277 
FGD Interface Configuration command set 2448 ping stack-member 280 
GS User Interface Configuration command set 2448 show arp 285 
Immediate Interface Configuration command set show hosts 338 
2448 show ip arp 354 
Interface Configuration command set 2448 show ip cache 370 
LS User Interface Configuration command set 2448 show ip interfaces 431 
TIE Trunk FGD Interface Configuration command show ip local policy 389 
set 2448 show ip route 414 
Wink Interface Configuration command set 2448 telnet 40, 942 
voice trunk type isdn 1001, 2395 traceroute 42, 584 
voice trunk type sip 1001, 2420 tunnel 1911 
voice trunk type tl-rbs supervision 1003 virp commands 1205, 1983 
voice user 1004, 2487 VT100 configuration 11 
Voice User Configuration command set 2487 W 
voiceline 977 wall 591 
voicemail 2335, 2353, 2540 warranty 3 
VRF world-mode dot! 1d 2027 
DHCP 2561 write 592 
vrf 


ACL 675, 677 
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